VU#210321

Mailman List Mirror (Read Only)
1

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

The CERT/CC has recently seen discussions in a public forum detailing
potential vulnerabilities in several TCP/IP implementations (Linux,
OpenBSD, and FreeBSD). We are particularly concerned about these types
of vulnerabilities because they have the potential to be exploited
even if the target machine has no open ports.

The messages can be found here:

http://lists.netsys.com/pipermail/full-disclosure/2002-September/001667.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001668.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001664.html
http://lists.netsys.com/pipermail/full-disclosure/2002-September/001643.html

Note that one individual claims two exploits exist in the
underground. At this point in time, we do not have any more
information, nor have we been able to confirm the existence of these
vulnerabilities.

We would appreciate any feedback or insight you may have. We will
continue to keep an eye out for further discussions regarding this
topic.

FYI,
Ian

Ian A. Finlay
CERT (R) Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA USA 15213-3890

2

Ian,
  So right now this is a scary rumor floating around the security
scene? Is there any particular trace, or any further details your aware
of? Also, I think it may be safe to assume the Mac OS X/Jaguar may be
vulnerable as well. AFAIK it runs of the BSD IP Stack, so it's more than
likely that it is vulnerable if this exploit is in fact a reality. I'll
keep an eye out for any suspicious traffic myself, as I'm sure will the
rest of the list. Thanks for the warning, as if this is real, it could
be be potentially very harmful. Any great C Coders out there start
pouring over the code yet?

Derek

From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf

Of

3

-----BEGIN PGP SIGNED MESSAGE-----

Hi, Derek.

So right now this is a scary rumor floating around the security
scene?

Right. Rumors for now...

Is there any particular trace, or any further details your aware
of?

Not at this time.

Also, I think it Amay be safe to assume the Mac OS X/Jaguar may be
vulnerable as well. AFAIK it runs of the BSD IP Stack, so it's more than
likely that it is vulnerable if this exploit is in fact a reality. I'll
keep an eye out for any suspicious traffic myself, as I'm sure will the
rest of the list.

Thank you, we really appreciate it.

Thanks for the warning, as if this is real, it could
be be potentially very harmful. Any great C Coders out there start
pouring over the code yet?

Glad to be of help. I really appreciate the feedback we get from the
NANOG community.

Thanks again,
Ian

Ian A. Finlay
CERT (R) Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA USA 15213-3890