[16970] in bugtraq
Re: Very interesting traceroute flaw
daemon@ATHENA.MIT.EDU (Daniel Jacobowitz)
Sat Sep 30 16:33:15 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK"
Content-Disposition: inline
Message-Id: <20000930034638.A3303@drow.them.org>
Date: Sat, 30 Sep 2000 03:46:38 -0400
Reply-To: Daniel Jacobowitz <dmj+@ANDREW.CMU.EDU>
From: Daniel Jacobowitz <dmj+@ANDREW.CMU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <news2mail-8r1i0o$4q9$6@mate.bln.innominate.de>; from
news-list.bugtraq@innominate.de on Fri, Sep 29,
2000 at 07:57:12AM +0000
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Sep 29, 2000 at 07:57:12AM +0000, Martin Peikert wrote:
> Chris Evans <chris@ferret.lmh.ox.ac.uk> wrote:
> > VERSIONS AFFECTED
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >
> > (Where LBNL =3D Lawrence Berkeley National Laboratory)
> >
> > Affected: LBNL 1.4a5
> > Safe: LBNL 1.4a7
> > Safe: RedHat7.0 traceroute (1.4a5 + a patch)
>=20
> Debian potato: Affected
> Debian woody: Safe
This will be fixed in 2.2r1, expected shortly. Meanwhile, fixed
packages have been in the proposed-updates distribution for a month.
Apt: deb http://http.us.debian.org/debian dists/proposed-updates/
Http: http://http.us.debian.org/debian/dists/proposed-updates
fa0c426fa84bf54ec33093bae90c1fdf traceroute_1.4a5-3.diff.gz
4bd7bc9ec1894c75e7ccba51e6a91cc6 traceroute_1.4a5-3.dsc
6b3f20ecb08276c15715ae54ef8be0c7 traceroute_1.4a5-3_alpha.deb
feba02e20848bdfafa6bf7dd9c594eba traceroute_1.4a5-3_i386.deb
fdc5a6ed3cd97067c4b7e1ddf7945287 traceroute_1.4a5-3_m68k.deb
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan@debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE51ZpebgOPXuCjg3cRAgIcAKCESA5WBeVjhWpew8quPd8cZ/jARACfRN3h
HD1iz0IB5KNlhBIQ81O8mx0=
=MMq4
-----END PGP SIGNATURE-----
--CE+1k2dSO48ffgeK--
