Multiple Vendor Teardrop Denial of Service Vulnerability

Solution:
This fix information was made available (in an edited format) the CERT/CC advisory CERT* Advisory CA-97.28.

Appendix A - Vendor Information

Below is a list of the vendors who have provided information for this advisory. We will update this appendix as we receive additional information. If you do not see your vendor's name, the CERT/CC did not hear from that vendor. Please contact the vendor directly.

Berkeley Software Design, Inc. (BSDI)
----------------------------------------------------

No version of BSD/OS is vulnerable to Teardrop.

Caldera Corporation
----------------------------

Topic 1 - Teardrop

Unless patched, Linux 2.0.x kernels prior to 2.0.32 are vulnerable. With the application of the kernel update described in Caldera Security Advisory SA-1997.29 (dated 3-Dec-1997), Caldera OpenLinux is not vulnerable. This Caldera advisory describes how to obtain and install the update and can be found at:

http://www.caldera.com/tech-ref/security/SA-1997.29.html

Other Caldera Security Advisories can be found at:

http://www.caldera.com/tech-ref/security/

Cisco Systems
----------------------

Topic 1 - Teardrop

Not vulnerable.

For more information reference URL: http://www.cisco.com/warp/public/770/land-pub.shtml

Digital Equipment Corporation
------------------------------------------

This reported problem is not present for Digital's ULTRIX or Digital UNIX Operating Systems Software.

The FreeBSD Project
------------------------------

Topic 1 - Teardrop

CSRG 4.4 is not vulnerable.

Hewlett-Packard Corporation
------------------------------------------

HPSBUX9801-076 SECURITY BULLETIN: #00076, 21 January 1998

Description: Security Vulnerability with land on HP-UX

The problem can be fixed by applying the appropriate cumulative ARPA Transport patch mentioned below.

HP-UX release 11.00 HP9000 Series 700/800 PHNE_14017 HP-UX release 10.30 HP9000 Series 700/800 PHNE_13671 HP-UX release 10.20 HP9000 Series 800 PHNE_13468 HP-UX release 10.24 HP9000 Series 700 PHNE_13888 HP-UX release 10.24 HP9000 Series 800 PHNE_13889 HP-UX release 10.20 HP9000 Series 800 PHNE_13468 HP-UX release 10.20 HP9000 Series 700 PHNE_13469 HP-UX release 10.16 HP9000 Series 700 PHKL_14242 HP-UX release 10.16 HP9000 Series 800 PHKL_14243 HP-UX release 10.10 HP9000 Series 800 PHNE_13470 HP-UX release 10.10 HP9000 Series 700 PHNE_13471 HP-UX release 10.01 HP9000 Series 800 PHNE_13472 HP-UX release 10.01 HP9000 Series 700 PHNE_13473 HP-UX release 10.00 HP9000 Series 800 PHNE_13474 HP-UX release 10.00 HP9000 Series 700 PHNE_13475 HP-UX release 9.04 HP9000 Series 800 PHNE_13476 HP-UX release 9.0[3,5,7] HP9000 Series 700 PHNE_13477 HP-UX release 9.01 HP9000 Series 700 PHNE_13478 HP-UX release 9.00 HP9000 Series 800 PHNE_13479

IBM Corporation
------------------------

Topic 1 - Teardrop

AIX is not vulnerable.

NCR Corporation
-------------------------

Topic 1 - Teardrop

NCR MP-RAS TCP/IP implementation is not vulnerable.

The NetBSD Project
-----------------------------

Topic 1 - Teardrop

Versions 1.2 and above are not vulnerable.

Red Hat Software
-------------------------

Topic 1 - Teardrop

Linux is not vulnerable.

Sun Microsystems, Inc.
---------------------------------

Topic 1 - Teardrop

All releases of Solaris are not vulnerable. All supported versions of SunOS 4.1.x (4.1.3_U1 and 4.1.4) are not vulnerable.

-----End of Appendix A-----

Microsoft

NT4
-------
Microsoft has released a post Service Pack 3 hotfix for Windows NT 4.0. This hotfix has been archived at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/archive/icmp-fix/

This fix was superseded by the teardrop2-fix, available at: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/teardrop2-fix/

These fixes were rolled-up into NT Service Pack 4.

NT3.51
-------
Microsoft has released a post Service Pack 5 hotfix for Windows NT 3.51. This hotfix has been included in the teardrop2 hotfix, available at:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/teardrop2-fix/



 

Privacy Statement
Copyright 2010, SecurityFocus