Date: Sat, 30 Sep 2000 03:46:38 -0400 Subject: Re: Very interesting traceroute flaw To: BUGTRAQ@SECURITYFOCUS.COM --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Sep 29, 2000 at 07:57:12AM +0000, Martin Peikert wrote: > Chris Evans <chris@ferret.lmh.ox.ac.uk> wrote: > > VERSIONS AFFECTED > > ================= > > > > (Where LBNL = Lawrence Berkeley National Laboratory) > > > > Affected: LBNL 1.4a5 > > Safe: LBNL 1.4a7 > > Safe: RedHat7.0 traceroute (1.4a5 + a patch) > > Debian potato: Affected > Debian woody: Safe This will be fixed in 2.2r1, expected shortly. Meanwhile, fixed packages have been in the proposed-updates distribution for a month. Apt: deb http://http.us.debian.org/debian dists/proposed-updates/ Http: http://http.us.debian.org/debian/dists/proposed-updates fa0c426fa84bf54ec33093bae90c1fdf traceroute_1.4a5-3.diff.gz 4bd7bc9ec1894c75e7ccba51e6a91cc6 traceroute_1.4a5-3.dsc 6b3f20ecb08276c15715ae54ef8be0c7 traceroute_1.4a5-3_alpha.deb feba02e20848bdfafa6bf7dd9c594eba traceroute_1.4a5-3_i386.deb fdc5a6ed3cd97067c4b7e1ddf7945287 traceroute_1.4a5-3_m68k.deb Dan /--------------------------------\ /--------------------------------\ | Daniel Jacobowitz |__| SCS Class of 2002 | | Debian GNU/Linux Developer __ Carnegie Mellon University | | dan@debian.org | | dmj+@andrew.cmu.edu | \--------------------------------/ \--------------------------------/ --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE51ZpebgOPXuCjg3cRAgIcAKCESA5WBeVjhWpew8quPd8cZ/jARACfRN3h HD1iz0IB5KNlhBIQ81O8mx0=MMq4 -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK--