Hi! Sebastian Krahmer schrieb am Tue, 14 Nov 2000 um 11:49:
On Tue, 14 Nov 2000, John wrote:
versions > 2.1.121 are vulnerable. Checking on my SuSE 6.1 system with /sbin/modprobe -V shows that it's running version 2.2.2-pre6.
Since this bug needs ping6 to be exploited and this isnt shiped on <6.4, it could be hard to exploit. If paranoid, update modules package. It cant hurt you :)
Maybe I got something wrong; as far as I understand the problem, the bug does not "need" ping6 to be exploited, but it's the published exploit (bugtraq) being written to use ping6 for it's means. In other words: SuSE < 6.4 should be script kiddy safe (as the published exploit will not work), but it is at least possible, if not likely, that our boxes still are vulnerable... I'd really like to see updated packages from SuSE. Bye, Bastian -- Bastian Friedrich bastian@bastian-friedrich.de Adress & Fon available on my HP http://www.bastian-friedrich.de/ \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\ \ ech`echo "xiun" | tr nu oc | sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol