Re: Routingtable vulnerability

On Mon, Jun 02, 2003 at 04:38:42AM -0700, peace bwitchu penned: > I'm not saying your wrong but I don't see that in the > changelog for 2.4.21-rc6. Sorry. You are correct. I meant -rc4. The original RH ioperm fix in -rc3 was the one which wasn't quite right. > The ip conntrack routing table h

Re: Routingtable vulnerability

On Mon, Jun 02, 2003 at 04:38:42AM -0700, peace bwitchu penned: > I'm not saying your wrong but I don't see that in the > changelog for 2.4.21-rc6. Sorry. You are correct. I meant -rc4. The original RH ioperm fix in -rc3 was the one which wasn't quite right. > The ip conntrack routing table h

Re: Routingtable vulnerability

I'm not saying your wrong but I don't see that in the changelog for 2.4.21-rc6. Anyway ioperm problem was fixed in 2.4.21-rc3 and then again in 2.4.21-rc4. The ip conntrack routing table hash exploit had been fixed in 2.4.21-rc2. --- Bob Billson <[EMAIL PROTECTED]> wrote: > On Fri, May 30, 20

Re: Routingtable vulnerability

I'm not saying your wrong but I don't see that in the changelog for 2.4.21-rc6. Anyway ioperm problem was fixed in 2.4.21-rc3 and then again in 2.4.21-rc4. The ip conntrack routing table hash exploit had been fixed in 2.4.21-rc2. --- Bob Billson <[EMAIL PROTECTED]> wrote: > On Fri, May 30, 20

Re: Routingtable vulnerability

On Fri, May 30, 2003 at 06:22:03PM -0700, peace bwitchu penned: > The fix has been fixed as 2.4.21-rc4 I believe. The > original patch by redhat was in 2.4.21-rc3 But this fix was reported to break something else. The fixed fix :-) is in 2.4.21-rc6. bob -- bob billsonemail:

Re: Routingtable vulnerability

On Fri, May 30, 2003 at 06:22:03PM -0700, peace bwitchu penned: > The fix has been fixed as 2.4.21-rc4 I believe. The > original patch by redhat was in 2.4.21-rc3 But this fix was reported to break something else. The fixed fix :-) is in 2.4.21-rc6. bob -- bob billsonemail:

Re: Routingtable vulnerability

The fix has been fixed as 2.4.21-rc4 I believe. The original patch by redhat was in 2.4.21-rc3 Peace --- Peter Billson <[EMAIL PROTECTED]> wrote: > Thomas, > My brother tells me that there has been some > discussion about this on > the kernel list. RedHat's patch was applied to > 2.4.21 (plus

Re: Routingtable vulnerability

The fix has been fixed as 2.4.21-rc4 I believe. The original patch by redhat was in 2.4.21-rc3 Peace --- Peter Billson <[EMAIL PROTECTED]> wrote: > Thomas, > My brother tells me that there has been some > discussion about this on > the kernel list. RedHat's patch was applied to > 2.4.21 (plus

Re: Routingtable vulnerability

Thomas, My brother tells me that there has been some discussion about this on the kernel list. RedHat's patch was applied to 2.4.21 (plus 2.5.69) but people are reporting that the patch breaks other things so it is not yet ready for prime time. At this point this remains only a theoretical fla

RE: Routingtable vulnerability

Hi, thanks! :-) Thomas. >-Original Message- >From: Adrian 'Dagurashibanipal' von Bidder [mailto:[EMAIL PROTECTED] >Sent: Monday, May 26, 2003 12:50 PM >To: debian-isp@lists.debian.org >Subject: Re: Routingtable vulnerability > > >On Monday 26 May 2003

Re: Routingtable vulnerability

On Monday 26 May 2003 11:47, Thomas Hebinck wrote: > Hi, > > is there really nobody who knows anything about this vulnerability? > We use Debian Woody as firewall ... A new Debian kernel-sources (and, IIRC, also kernel-image-...) package is out with the routing table fix, also adds a few other fi

RE: Routingtable vulnerability

Hi, is there really nobody who knows anything about this vulnerability? We use Debian Woody as firewall ... Sincerely, Thomas >-Original Message- >From: www-data [mailto:[EMAIL PROTECTED] Behalf Of >[EMAIL PROTECTED] >Sent: Wednesday, May 21, 2003 11:50 AM >To: debian-isp@lists.debian.or