LISTSERV - HP3000-L Archives

HP3000-L Archives

July 1997, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L July 1997, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Sec. Vulnerability w/ specific incoming ICMP Echo Request (ping)
From:	Mark Bixby <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Fri, 11 Jul 1997 11:16:24 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (23 lines)

Security Alert writes:
> PROBLEM:  Vulnerability with specific incoming ICMP Echo Request (ping)
>           packets.

...deletia...

>           Apply patch NSTEDL8A to systems running MPE/iX Release 5.5
>             and its Powerpatches (C.55.00 through C.55.02).

NSTEDL8A *does* protect against the Ping of Death.  But, as I mentioned in a
previous posting, NSTEDL8A exposes an uninitalized variable elsewhere in the
networking code which will break bootp.

I have received beta patch NSTEDQ1A which supersedes NSTEDL8A and is supposed
to fix the bootp problem too.  I probably won't be able to install and test
it until Tuesday 7/15, so I will post then with my results.
--
Mark Bixby                      E-mail: [log in to unmask]
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support               +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)

ATOM RSS1 RSS2

RAVEN.UTC.EDU