From owner-freebsd-security@FreeBSD.ORG Tue Jun 21 18:24:43 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0ED2916A437; Tue, 21 Jun 2005 18:24:43 +0000 (GMT) (envelope-from rcoleman@criticalmagic.com) Received: from saturn.criticalmagic.com (saturn.criticalmagic.com [69.61.68.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1A9743D48; Tue, 21 Jun 2005 18:24:42 +0000 (GMT) (envelope-from rcoleman@criticalmagic.com) Received: from [10.40.30.162] (delta.ciphertrust.com [216.235.158.34]) by saturn.criticalmagic.com (Postfix) with ESMTP id A8D493BD2A; Tue, 21 Jun 2005 14:24:39 -0400 (EDT) Message-ID: <42B85BA9.6060905@criticalmagic.com> Date: Tue, 21 Jun 2005 14:25:45 -0400 From: Richard Coleman Organization: Critical Magic User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jacques Vidrine References: <20050519105313.GC2724@unixpages.org> <97D5BFC7-D07D-4DB5-A6C2-D4C71C679CA4@FreeBSD.org> In-Reply-To: <97D5BFC7-D07D-4DB5-A6C2-D4C71C679CA4@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: TCP timestamp vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jun 2005 18:24:43 -0000 Jacques Vidrine wrote: > > On May 19, 2005, at 5:53 AM, Christian Brueffer wrote: > >> fixes for the vulnerability described in http://www.kb.cert.org/ >> vuls/id/637934 >> were checked in to CURRENT and RELENG_5 by ps in April. >> >> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c >> >> Revisions 1.270 and 1.252.2.16 >> >> He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with >> it. >> >> My guess is that he didn't notify you guys either. >> >> I stumbled upon this through a Heise News article at >> http://www.heise.de/newsticker/meldung/59672. Sent them an update about >> the fixed branches, but they'd like to know why this wasn't communicated >> back to US-CERT yadda yadda yadda. > > Thanks, Christian. No, ps@ didn't point it out. It gets a little > confusing too, since I see that the work was submitted by multiple > folks, one of which reported another related vulnerability to us on May > 18 (7 days after that commit). Now to try to untangle what is what ... My boss asked me to check on whether this problem was fixed for FreeBSD 4.10. I didn't see any advisories related to this, and FreeBSD is still showing as vulnerable on the CERT web site. It doesn't look like a fix for this has been committed to any of the 4.X branches. Any word on this? Thanks for the help. Richard Coleman rcoleman@criticalmagic.com