Hello List, I have been asked to respond to the following two potential security problems for my Debian (woody) servers and I am looking for solid reference material. I am running a custom 2.4.18 kernel.
For this seqport problem I have not been able to find any data as to my systems vunerability. I am sure that I do not have a problem, but I need to answer with published details. ---------------------- Name: CVE-1999-0074 Reference: XF:seqport Listening TCP ports are sequentially allocated, allowing spoofing attacks. ---------------------- For the tcp-seq-predict problem I have found- http://online.securityfocus.com/bid/670/ and http://online.securityfocus.com/bid/670/discussion/ which seem to indicate that the problem was fixed in or about the 2.2.13 kernel time period. Is this really the case? ---------------------- Name: CVE-1999-0077 Reference: XF:tcp-seq-predict Predictable TCP sequence numbers allow spoofing. ---------------------- Thanks for any help, -- Bill
