Hmmm. The date on the us-cert.org notice is for Apr 21/2004. I think that what may be new is that it was originally thought to require a seq num match that was previously considered improbable to guess, but is now considered to be 'easy' to guess. Page:In the news, there's mention of a TCP vulnerability that may impact LEAF. Apologies if this is not relevant to us.
This vulnerability is 3 years old. Linux was patched even then, so LEAF is
ok :).
http://www.kb.cert.org/vuls/id/415294
has some more details.
Anyway the folks at Cisco have, as of Apr 20/2004 identified _all_ of their products as vulnerable. I can't say for sure but I would be surprised to see Cisco using software that contained a vulnerability that was identified and corrected (in other products/OS'es) 3 years ago.
Perhaps you're thinking of a different vulnerability?
details:
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
I checked with Zebra/Quagga folks about BGP; they said it is O/S dependant.
So LEAF and even Bering's bgpd.lrp are ok :)
That makes sense because (I think) the TCP stack is maintained by the OS.
scott; canada
Cheers,
P
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
