Subject: main_fracas
To: None <port-mac68k@netbsd.org>
From: T@W <lsp93@xs4all.nl>
List: port-mac68k
Date: 05/10/2000 21:10:39
For convenience, forwarded by me from:

http://www.newhackcity.net

******************************************************************************
*        advisory_id:20000504a.0              release_date:2000-05-04        *
*                                                                            *
*IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII*
* main_fracas:                                                               *
* It is possible to cause a kernel panic on systems running NetBSD           *
* by sending a packet remotely with an unaligned IP Timestamp option.        *
*                                                                            *
* affected_configurations:                                                   *
* NetBSD 1.4.x on SPARC and Alpha platforms were tested and found to be      *
* vulnerable. Any platform where a page fault is caused by an unaligned      *
* memory access should also be vulnerable.                                   *
*                                                                            *
* unaffected_configurations:                                                 *
* NetBSD 1.4.x on arm32 and x86 platforms were tested and found to not       *
* panic. However, this is only because these (and a few other untested)      *
* platforms do not page fault on unaligned memory accesses.                  *
*                                                                            *
* notification:                                                              *
* This was originally reported to the NetBSD Security Alerts mailing list on *
* March 1, 2000, which was before the release of NetBSD 1.4.2.               *
*IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII*
*                   --<<instructions 4 reproduction>>--                      *
*                                                                            *
* 1. Download, compile, and install libnet. It can be obtained from          *
* http://www.packetfactory.net                                               *
*                                                                            *
* 2. Download and compile the ISIC suite of utilities. They are at           *
* http://expert.cc.purdue.edu/~frantzen                                      *
*                                                                            *
* 3. After compiling the isic utilities, run the following from your shell   *
* of choice:                                                                 *
* 'icmpsic -s source -d dest -r 31337 -k 218504 -p 218505'                   *
*                                                                            *
* where source is the source IP address (spoofed addresses work just fine),  *
* and dest is the IP address of the NetBSD machine.                          *
*                                                                            *
* NOTE: For whatever reason, Linux mangles this packet before sending it. We *
* have found that it does work correctly when sent from FreeBSD x86, NetBSD  *
* x86, and NetBSD arm32.                                                     *
*                                                                            *
*                                                                            *
* Result:                                                                    *
* On the vulnerable platforms tested (listed above), a kernel panic results  *
* from an unaligned memory access. Because of the ability to spoof the       *
* packet, and the relatively small packet size, an attacker could easily     *
* crash many NetBSD machines on a given subnet with minimal effort.          *
*IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII*
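As an added illustration of the defect class the advisory describes (this is not the advisory's code and not NetBSD's ip_input.c): an IP Timestamp option is found by walking the options area, and the slot its pointer field selects can land on any byte offset, so a kernel that stores the 32-bit timestamp through a cast pointer traps on SPARC and Alpha. The hypothetical functions below validate the option's length and pointer, report whether the selected slot is unaligned, and store the timestamp with memcpy, which is alignment-safe; they assume the flag 0 (timestamps only) form of the option and options that start right after the 20-byte IPv4 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPOPT_EOL 0   /* end of option list */
#define IPOPT_NOP 1   /* no-operation (single byte, used for padding) */
#define IPOPT_TS  68  /* Internet Timestamp, RFC 791 */

/* Walk the IPv4 options area and return the offset of the Timestamp option,
 * or -1 if it is absent or any option's length field is inconsistent. */
long find_ts_option(const uint8_t *opts, size_t optlen)
{
    size_t i = 0;
    while (i < optlen) {
        uint8_t type = opts[i];
        if (type == IPOPT_EOL) break;
        if (type == IPOPT_NOP) { i++; continue; }
        if (i + 1 >= optlen) return -1;              /* length byte missing */
        uint8_t len = opts[i + 1];
        if (len < 2 || i + len > optlen) return -1;  /* length overruns buffer */
        if (type == IPOPT_TS) return (long)i;
        i += len;
    }
    return -1;
}

/* Record one 32-bit timestamp (flag 0 form: timestamps only) into the option
 * at offset off. Returns 0 on success, 1 if the option is already full, and a
 * negative value for a malformed option. *unaligned reports whether the slot
 * sits on a non-4-byte boundary: a kernel doing
 *     *(uint32_t *)(opts + dst) = ts;
 * there traps on platforms that fault on unaligned access, which is the
 * advisory's panic. memcpy stores byte-wise and never needs alignment. */
int ts_option_store(uint8_t *opts, size_t optlen, size_t off, uint32_t ts, int *unaligned)
{
    if (off + 4 > optlen || opts[off] != IPOPT_TS) return -1;
    uint8_t len = opts[off + 1];
    uint8_t ptr = opts[off + 2];                     /* 1-based index of next free slot */
    if (len < 5 || (size_t)len > optlen - off) return -2;
    if (ptr < 5) return -3;                          /* pointer inside the option header */
    if ((size_t)ptr - 1 + sizeof ts > len) return 1; /* no room left: option full */
    size_t dst = off + ptr - 1;
    *unaligned = (dst % 4) != 0;
    memcpy(opts + dst, &ts, sizeof ts);
    opts[off + 2] = (uint8_t)(ptr + sizeof ts);
    return 0;
}
```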