|
Multiple Vendor Teardrop Denial of Service Vulnerability
Solution: This fix information was made available (in an edited format) the CERT/CC advisory CERT* Advisory CA-97.28. Appendix A - Vendor Information Below is a list of the vendors who have provided information for this advisory. We will update this appendix as we receive additional information. If you do not see your vendor's name, the CERT/CC did not hear from that vendor. Please contact the vendor directly. Berkeley Software Design, Inc. (BSDI) ---------------------------------------------------- No version of BSD/OS is vulnerable to Teardrop. Caldera Corporation ---------------------------- Topic 1 - Teardrop Unless patched, Linux 2.0.x kernels prior to 2.0.32 are vulnerable. With the application of the kernel update described in Caldera Security Advisory SA-1997.29 (dated 3-Dec-1997), Caldera OpenLinux is not vulnerable. This Caldera advisory describes how to obtain and install the update and can be found at: http://www.caldera.com/tech-ref/security/SA-1997.29.html Other Caldera Security Advisories can be found at: http://www.caldera.com/tech-ref/security/ Cisco Systems ---------------------- Topic 1 - Teardrop Not vulnerable. For more information reference URL: http://www.cisco.com/warp/public/770/land-pub.shtml Digital Equipment Corporation ------------------------------------------ This reported problem is not present for Digital's ULTRIX or Digital UNIX Operating Systems Software. The FreeBSD Project ------------------------------ Topic 1 - Teardrop CSRG 4.4 is not vulnerable. Hewlett-Packard Corporation ------------------------------------------ HPSBUX9801-076 SECURITY BULLETIN: #00076, 21 January 1998 Description: Security Vulnerability with land on HP-UX The problem can be fixed by applying the appropriate cumulative ARPA Transport patch mentioned below. HP-UX release 11.00 HP9000 Series 700/800 PHNE_14017 HP-UX release 10.30 HP9000 Series 700/800 PHNE_13671 HP-UX release 10.20 HP9000 Series 800 PHNE_13468 HP-UX release 10.24 HP9000 Series 700 PHNE_13888 HP-UX release 10.24 HP9000 Series 800 PHNE_13889 HP-UX release 10.20 HP9000 Series 800 PHNE_13468 HP-UX release 10.20 HP9000 Series 700 PHNE_13469 HP-UX release 10.16 HP9000 Series 700 PHKL_14242 HP-UX release 10.16 HP9000 Series 800 PHKL_14243 HP-UX release 10.10 HP9000 Series 800 PHNE_13470 HP-UX release 10.10 HP9000 Series 700 PHNE_13471 HP-UX release 10.01 HP9000 Series 800 PHNE_13472 HP-UX release 10.01 HP9000 Series 700 PHNE_13473 HP-UX release 10.00 HP9000 Series 800 PHNE_13474 HP-UX release 10.00 HP9000 Series 700 PHNE_13475 HP-UX release 9.04 HP9000 Series 800 PHNE_13476 HP-UX release 9.0[3,5,7] HP9000 Series 700 PHNE_13477 HP-UX release 9.01 HP9000 Series 700 PHNE_13478 HP-UX release 9.00 HP9000 Series 800 PHNE_13479 IBM Corporation ------------------------ Topic 1 - Teardrop AIX is not vulnerable. NCR Corporation ------------------------- Topic 1 - Teardrop NCR MP-RAS TCP/IP implementation is not vulnerable. The NetBSD Project ----------------------------- Topic 1 - Teardrop Versions 1.2 and above are not vulnerable. Red Hat Software ------------------------- Topic 1 - Teardrop Linux is not vulnerable. Sun Microsystems, Inc. --------------------------------- Topic 1 - Teardrop All releases of Solaris are not vulnerable. All supported versions of SunOS 4.1.x (4.1.3_U1 and 4.1.4) are not vulnerable. -----End of Appendix A----- Microsoft NT4 ------- Microsoft has released a post Service Pack 3 hotfix for Windows NT 4.0. This hotfix has been archived at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive/icmp-fix/ This fix was superseded by the teardrop2-fix, available at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/teardrop2-fix/ These fixes were rolled-up into NT Service Pack 4. NT3.51 ------- Microsoft has released a post Service Pack 5 hotfix for Windows NT 3.51. This hotfix has been included in the teardrop2 hotfix, available at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/teardrop2-fix/ |
|
|
Privacy Statement |
