CVE-2008-4609


CVE-2008-4609

by Andrew Storms

Now that the details are out - MS and Cisco patched today.
I went looking back into the FreeBSD security announcements and don't seem
to be able to find any references for a patch.
Did FreeBSD already patch or discuss this bug and I missed it?

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609

Thanks

-_S

_______________________________________________
freebsd-security@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@..."

RE: CVE-2008-4609

by olli hauer

> Now that the details are out - MS and Cisco patched today.
> I went looking back into the FreeBSD security announcements and don't seem
> to be able to find any references for a patch.
> Did FreeBSD already patch or discuss this bug and I missed it?
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609
>
> Thanks
>
> -_S

According to the more complete list at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609
the latest rel. (FreeBSD 6.4/7.2, OpenBSD 4.4+) are not affected.

It seems if you run the latest versions of Free/OpenBSD you are fine.

olli

Re: CVE-2008-4609

by Dag-Erling Smørgrav

Andrew Storms <astorms@...> writes:
> Now that the details are out - MS and Cisco patched today.  I went
> looking back into the FreeBSD security announcements and don't seem to
> be able to find any references for a patch.  Did FreeBSD already patch
> or discuss this bug and I missed it?

This is old news:

http://www.google.com/#&q=sockstress

The initial version was just connection flooding - they thought it was a
big deal because they came up with a very clever and complicated setup
to increase the flood rate, when in fact a short C program using bpf
could have done the job just as well.  When people pointed out that it
was a load of bs, they started making wild claims about more serious
attacks, the details of which would be released at the next compsec
conference, except not really, because we're still working on it, but
the next one, we promise, for real this time...

Just read their website (http://www.sockstress.com/), it'll give you an
idea of just how far off their rocker they are.

DES
--
Dag-Erling Smørgrav - des@...