Re: CERT Advisory CA-97.28 - Teardrop_Land

From: Ron Holt (ronat_private)
Date: Fri Dec 19 1997 - 10:11:07 PST


    On Wed, Dec 17, 1997 at 01:26:45AM +0000, Alan Cox wrote:
    > > > Red Hat Software
    > > > ================
    > > >
    > > > Topic 1 - Teardrop
    > > >
    > > > Linux is not vulnerable.
    > >
    > > It's well known that versions of Linux prior to publishing of the
    > > teardrop attack *were* vulnerable.  The above borders on an outright
    > > lie.
    >
    > I've already moaned. The correct answer is:
    >
    > Linux
    >
    > Prior to 2.0.31 and earlier are vulnerable to teardrop
    
    Again - if not patched.
    
    >                 2.0.32 and above are not.
    
    Caldera's security advisory on this subject points to a version of 2.0.29
    (to maintain compatibility with the kernel from our last release) plus
    Teardrop and FOOF patches (http://www.caldera.com/tech-ref/security/).
    
    > RedHat 5.0 ships with a 2.0.31+patches that is not vulnerable. RH5.0
    > update for the 2.0.32 kernel is on ftp.redhat.com
    
    Apparently along with others, we've also recommended CERT reword the
    "Linux is not vulnerable" line.  The section of their advisory they added
    for us clarifies the Linux situation a bit better, but as of today, the
    other sections of their advisory still read as originally worded.
    
    FYI- the updated CERT advisory in question is at:
    
            ftp://ftp.cert.org/pub/cert_advisories/CA-97.28.Teardrop_Land
    
    Ron
    
    --
    Ron Holt <ronat_private> [Caldera, Inc.] http://www.holt.org
    


