[Fwd: VU#210321]

To: debian-isp@lists.debian.org
Subject: [Fwd: VU#210321]
From: Jeff S Wheeler <jsw@five-elements.com>
Date: 10 Sep 2002 10:49:54 -0400
Message-id: <[🔎] 1031669395.21626.11.camel@intrepid>

Below is a message some CERT folk posted to NANOG-L this morning.  I
personally think it's a crock of shit, and that CERT is damaging their
credibility by advising based purely on rumor and speculation, however
perhaps someone on this list has additional information?

Facts and first-hand information only, please.

--
Jeff S Wheeler <jsw@five-elements.com>


-----Forwarded Message-----

From: CERT(R) Coordination Center <cert@cert.org>
To: nanog@merit.edu
Cc: CERT(R) Coordination Center <cert@cert.org>
Subject: VU#210321
Date: 10 Sep 2002 10:16:14 -0400


-----BEGIN PGP SIGNED MESSAGE-----

Hello,

The CERT/CC has recently seen discussions in a public forum detailing
potential vulnerabilities in several TCP/IP implementations (Linux,
OpenBSD, and FreeBSD). We are particularly concerned about these types
of vulnerabilities because they have the potential to be exploited
even if the target machine has no open ports.

The messages can be found here:

http://lists.netsys.com/pipermail/full-disclosure/2002-September/001667.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001668.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001664.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001643.html

Note that one individual claims two exploits exist in the
underground. At this point in time, we do not have any more
information, nor have we been able to confirm the existence of these
vulnerabilities.

We would appreciate any feedback or insight you may have. We will
continue to keep an eye out for further discussions regarding this
topic.

FYI,
Ian

Ian A. Finlay
CERT (R) Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA  USA  15213-3890
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBPX3/VqCVPMXQI2HJAQFEqQQAr54e9c5SGgrIfmK5+EWqSOdvySKRtjwa
6dE4Z4DcoyHS57W5BEwW2OSXSGwrBL+mzippfTEnwAVT/otLYAADsnlPSQioRYNi
qHVh8yRXgh3kBgx3cMdhe3NC6zaSWffOsc/EvhkCDo2xa8FQItOqE5MjOeASjt1L
st5qq4mgM+E=
=kHt1
-----END PGP SIGNATURE-----

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Re: Traffic Monitoring
Next by Date: Re: Postfix, cyrus, mysql and web-cyradm
Previous by thread: Re: Traffic Monitoring
Next by thread: ISPMan 0.9.3 Problems
Index(es):
- Date
- Thread