From owner-freebsd-security@freebsd.org Sun Jul 19 00:57:04 2015
From: Jason Hellenthal
To: Mark Felder
Cc: Mike Tancsa, "freebsd-security@freebsd.org"
Subject: Re: OpenSSH max auth tries issue
Date: Sat, 18 Jul 2015 19:57:00 -0500
Message-Id: <3BF9481E-5C31-4D74-944D-78C31C88A7C6@dataix.net>
In-Reply-To: <1437261017.3368395.327186961.64104619@webmail.messagingengine.com>

It wouldn't pass the pf overload rules if set correctly, that's just
obvious. ipfw on the other hand I'm either not that conversed on and with
the lack of named tables I would think it isn't going to catch it like pf
would.

It's trivial to just adjust the defaults for the server to 3 login
attempts and from my perspective there should not be any negative
community impact of such. I've been changing it from the default of 5-6 to
3 for years as a higher value just doesn't make logical sense.

Personally I would like to also see some defaults set of the MaxStartups
which is not on by default. 10:30:100 seems to be the default but I'd
rather see something more along the likes of 5:15:30 which has worked out
quite well for my instances that accept inward connections for shell
access along with the pf overload rules that I will not live without and
along with the MaxAuthTries 3.

Sorry for the top-post, some clients just don’t work that way ;)

--
Jason Hellenthal
JJH48-ARIN

On Jul 18, 2015, at 18:10, Mark Felder wrote:

On Fri, Jul 17, 2015, at 14:19, Mike Tancsa wrote:

Not sure if others have seen this yet

------------------

https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/

"OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password entries
per default).

With this vulnerability an attacker is able to request as many password
prompts limited by the “login graced time” setting, that is set to two
minutes by default."

Does it produce multiple entries in the server logs? I'm curious if
sshguard etc would detect this. If I understand what's going on, this
might appear as if it's a single "session" and be able to bypass pf
overload rules. I'll have to play around with it and see what it does.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

From owner-freebsd-security@freebsd.org Tue Jul 21 03:04:49 2015
From: Brett Glass
To: Mike Tancsa, "freebsd-security@freebsd.org"
Subject: Re: OpenSSH max auth tries issue
Date: Sat, 18 Jul 2015 20:20:08 -0600
Message-Id: <201507190220.UAA14096@mail.lariat.net>
In-Reply-To: <55A95526.3070509@sentex.net>

Because a potential intruder can establish multiple or "tag-teamed" TCP
sessions (possibly from different IPs) to the SSH server, a per-session
limit is barely useful and will not slow a determined attacker. A global
limit might, but would enable DoS attacks.

--Brett Glass

At 01:19 PM 7/17/2015, Mike Tancsa wrote:
>Not sure if others have seen this yet
>
>------------------
>
>
>https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
>
>"OpenSSH has a default value of six authentication tries before it will
>close the connection (the ssh client allows only three password entries
>per default).
>
>With this vulnerability an attacker is able to request as many password
>prompts limited by the “login graced time” setting, that is set to two
>minutes by default."
>
>
>--
>-------------------
>Mike Tancsa, tel +1 519 651 3400
>Sentex Communications, mike@sentex.net
>Providing Internet services since 1994 www.sentex.net
>Cambridge, Ontario Canada http://www.tancsa.com/

From owner-freebsd-security@freebsd.org Tue Jul 21 13:40:58 2015
From: Roger Marquis
To: "freebsd-security@freebsd.org"
Subject: Re: OpenSSH max auth tries issue
Date: Tue, 21 Jul 2015 06:40:52 -0700 (PDT)
In-Reply-To: <201507190220.UAA14096@mail.lariat.net>

Brett Glass wrote:
> Because a potential intruder can establish multiple or "tag-teamed" TCP
> sessions (possibly from different IPs) to the SSH server, a per-session limit
> is barely useful and will not slow a determined attacker. A global limit
> might, but would enable DoS attacks.

If you run sshd under inetd the "-C" flag will enforce rate limits on a
per IP basis. Still vulnerable to resource exhaustion under a DDOS perhaps
but it would have to be a serious effort.

Considering the potential interactions between inetd.conf, login.conf,
sshd_config and perhaps fail2ban or portsentry it's surprising there isn't
more documentation on this important topic.

Roger

>>
>> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
>>
>> "OpenSSH has a default value of six authentication tries before it will
>> close the connection (the ssh client allows only three password entries
>> per default).
>>
>> With this vulnerability an attacker is able to request as many password
>> prompts limited by the “login graced time” setting, that is set to two
>> minutes by default."
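
An added illustration, not part of any message in this thread, of the MaxAuthTries and MaxStartups values Jason Hellenthal compares above: it reads the effective settings from an sshd_config and computes how often sshd refuses a new connection at a given number of unauthenticated connections, using the start:rate:full ramp documented in sshd_config(5). The function names and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspect the two sshd_config settings discussed in the thread.

# sshd_setting KEYWORD FILE
# Print the value sshd would use from the global section of FILE: keywords are
# case-insensitive, the first occurrence wins, and Match blocks are skipped.
# Assumes "Keyword value" syntax (the optional "Keyword=value" form is not parsed).
sshd_setting() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/              { next }            # comments and blank lines
        tolower($1) == "match"      { exit }            # end of global section
        tolower($1) == tolower(key) { print $2; exit }  # first occurrence wins
    ' "$2"
}

# maxstartups_drop_pct START:RATE:FULL N
# Percent chance that sshd refuses a new connection while N unauthenticated
# connections are open: 0 below START, RATE at START, rising linearly to 100
# at FULL. A single number means a hard limit at that count.
maxstartups_drop_pct() {
    spec=$1; n=$2
    start=${spec%%:*}
    rest=${spec#*:}
    rate=${rest%%:*}
    full=${rest#*:}
    if [ "$n" -lt "$start" ]; then echo 0; return 0; fi
    if [ "$n" -ge "$full" ]; then echo 100; return 0; fi
    echo $(( rate + (100 - rate) * (n - start) / (full - start) ))
}

# report FILE
# Show the effective values (falling back to the defaults quoted in the
# thread) and the refusal chance at several connection counts.
report() {
    cfg_tries=$(sshd_setting MaxAuthTries "$1")
    cfg_spec=$(sshd_setting MaxStartups "$1")
    echo "MaxAuthTries ${cfg_tries:-6}"
    echo "MaxStartups  ${cfg_spec:-10:30:100}"
    for count in 5 10 20 30; do
        pct=$(maxstartups_drop_pct "${cfg_spec:-10:30:100}" "$count")
        echo "  $count unauthenticated connections: $pct% refused"
    done
}

# Constructed sample file using the values suggested in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
maxauthtries 3
MaxStartups 5:15:30
Match User backup
    MaxAuthTries 1
EOF
report "$sample"
rm -f "$sample"
```
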
From owner-freebsd-security@freebsd.org Wed Jul 22 02:57:46 2015
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
Reply-To: freebsd-security@freebsd.org
Message-Id: <20150722025746.721831C32@freefall.freebsd.org>
Date: Wed, 22 Jul 2015 02:57:46 +0000 (UTC)

=============================================================================
FreeBSD-SA-15:13.tcp                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Resource exhaustion due to sessions stuck in LAST_ACK state

Category:       core
Module:         inet
Announced:      2015-07-21
Credits:        Lawrence Stewart (Netflix, Inc.),
                Jonathan Looney (Juniper SIRT)
Affects:        All supported versions of FreeBSD.
Corrected:      2015-07-21 23:42:17 UTC (stable/10, 10.2-PRERELEASE)
                2015-07-21 23:42:17 UTC (stable/10, 10.2-BETA1-p1)
                2015-07-21 23:42:17 UTC (stable/10, 10.2-BETA2-p1)
                2015-07-21 23:42:56 UTC (releng/10.1, 10.1-RELEASE-p15)
                2015-07-21 23:42:20 UTC (stable/9, 9.3-STABLE)
                2015-07-21 23:42:56 UTC (releng/9.3, 9.3-RELEASE-p20)
                2015-07-21 23:42:20 UTC (stable/8, 8.4-STABLE)
                2015-07-21 23:42:56 UTC (releng/8.4, 8.4-RELEASE-p34)
CVE Name:       CVE-2015-5358

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service.

A socket enters the LAST_ACK state when the local process closes its socket
after a FIN has already been received from the remote peer. The socket
will remain in the LAST_ACK state until the kernel has transmitted a FIN to
the remote peer and the kernel has received an acknowledgement of that FIN
from the remote peer, or all retransmits of the FIN have failed and the
connection times out.

II. Problem Description

TCP connections transitioning to the LAST_ACK state can become permanently
stuck due to mishandling of protocol state in certain situations, which in
turn can lead to accumulated consumption and eventual exhaustion of system
resources, such as mbufs and sockets.

III. Impact

An attacker who can repeatedly establish TCP connections to a victim system
(for instance, a Web server) could create many TCP connections that are
stuck in LAST_ACK state and cause resource exhaustion, resulting in a
denial of service condition. This may also happen in normal operation
where no intentional attack is conducted, but an attacker who can send
specifically crafted packets can trigger this more reliably.

IV. Workaround

No workaround is available, but systems that do not provide TCP based
service to untrusted networks are not vulnerable.

Note that the tcpdrop(8) utility can be used to purge connections which
have become wedged. For example, the following command can be used to
generate commands that would drop all connections whose last rcvtime is
more than 100s:

	netstat -nxp tcp | \
	    awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }'

The system administrator can then run the generated script as a temporary
measure. Please refer to the tcpdump(8) manual page for additional
information.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:13/tcp.patch
# fetch https://security.FreeBSD.org/patches/SA-15:13/tcp.patch.asc
# gpg --verify tcp.patch.asc

[FreeBSD 9.x and 8.x]
# fetch https://security.FreeBSD.org/patches/SA-15:13/tcp-9.patch
# fetch https://security.FreeBSD.org/patches/SA-15:13/tcp-9.patch.asc
# gpg --verify tcp-9.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
and reboot the
system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r285779
releng/8.4/                                                       r285780
stable/9/                                                         r285779
releng/9.3/                                                       r285780
stable/10/                                                        r285778
releng/10.1/                                                      r285780
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-security@freebsd.org Wed Jul 22 06:40:02 2015
From: Peter Rosa
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
Date: Wed, 22 Jul 2015 08:30:44 +0200
Message-ID: <55AF3894.3070400@pro.sk>
In-Reply-To: <20150722025746.721831C32@freefall.freebsd.org>

Hi,

> V. Solution
>
> Perform one of the following:
>
> 3) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> c) Recompile your kernel as described in
> and reboot the
> system.

I just svn'd current src tree. Please, is it enough to recompile the
kernel only to apply this change? Or have I to recompile the world as
well?

Thanks and best regards,

--
Peter Rosa

From owner-freebsd-security@freebsd.org Wed Jul 22 06:58:11 2015
From: gabor@zahemszky.hu
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
Date: Wed, 22 Jul 2015 08:52:56 +0200
Message-ID: <9acb8bbfb059c3e8d08ba20a41441714@zahemszky.hu>
In-Reply-To: <20150722025746.721831C32@freefall.freebsd.org>

> IV. Workaround
>
> No workaround is available, but systems that do not provide TCP based
> service to untrusted networks are not vulnerable.
>
> Note that the tcpdrop(8) utility can be used to purge connections which
> have become wedged. For example, the following command can be used to
> generate commands that would drop all connections whose last rcvtime is
> more than 100s:
>
> netstat -nxp tcp | \
>     awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }'
>
> The system administrator can then run the generated script as a temporary
> measure. Please refer to the tcpdump(8) manual page for additional
> information.

It should be tcpdrop(8), shouldn't it?

Zahy < Gabor at Zahemszky dot HU >

From owner-freebsd-security@freebsd.org Wed Jul 22 08:31:51 2015
From: Pietro Cerutti
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
Date: Wed, 22 Jul 2015 10:31:47 +0200
In-Reply-To: <20150722025746.7697C1C34@freefall.freebsd.org>

On 2015-07-22 04:57, FreeBSD Security Advisories wrote:

> 2) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install

Hi, I just updated my system as usual using freebsd-update. I was
expecting it to require a reboot, since it's touching kernel code, but it
hasn't. freebsd-version shows 10.1-RELEASE-p15 for both kernel and
userland. Am I missing something?

Thanks!

--
Pietro Cerutti
gahr@FreeBSD.org

From owner-freebsd-security@freebsd.org Wed Jul 22 12:15:02 2015
From: Gareth de Vaux
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
Date: Wed, 22 Jul 2015 13:58:14 +0200
Message-ID: <20150722115814.GA15165@lordcow.org>

On Wed 2015-07-22 (10:31), Pietro Cerutti wrote:
> Hi, I just updated my system as usual using freebsd-update. I was
> expecting it to require a reboot, since it's touching kernel code, but
> it hasn't. freebsd-version shows 10.1-RELEASE-p15 for both kernel and
> userland. Am I missing something?

Yeah, 'uname -r' will show the current/old kernel until you reboot.
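
An added sketch, not part of any message above, of the check Gareth de Vaux describes: compare the running kernel (`uname -r`) with the installed kernel (`freebsd-version -k`) and with the RELEASE patch levels in the advisory's "Corrected:" list. The function names and the p14 sample value are assumptions of this example.

```shell
#!/bin/sh
# Added example: is the SA-15:13 kernel fix running, or only installed?

# patch_level VERSION
# "10.1-RELEASE-p15" -> 15, "10.1-RELEASE" -> 0
patch_level() {
    case $1 in
        *-p[0-9]*) echo "${1##*-p}" ;;
        *)         echo 0 ;;
    esac
}

# sa1513_min_patch VERSION
# Lowest patch level carrying the fix, taken from the advisory's
# "Corrected:" list. Only the RELEASE branches are covered; anything else
# (STABLE, BETA, PRERELEASE) fails so the caller can report "unknown".
sa1513_min_patch() {
    case $1 in
        10.1-RELEASE*) echo 15 ;;
        9.3-RELEASE*)  echo 20 ;;
        8.4-RELEASE*)  echo 34 ;;
        *)             return 1 ;;
    esac
}

# kernel_status RUNNING INSTALLED
# RUNNING is the output of `uname -r`, INSTALLED of `freebsd-version -k`.
# Prints one of:
#   patched        the running kernel already contains the fix
#   reboot-needed  the fixed kernel is on disk but an older one is running
#   update-needed  neither the running nor the installed kernel is fixed
#   unknown        branch not listed as a RELEASE in the advisory
kernel_status() {
    running=$1; installed=$2
    min=$(sa1513_min_patch "$running") || { echo unknown; return 0; }
    if [ "$(patch_level "$running")" -ge "$min" ]; then
        echo patched
    elif [ "${installed%-p*}" = "${running%-p*}" ] &&
         [ "$(patch_level "$installed")" -ge "$min" ]; then
        echo reboot-needed
    else
        echo update-needed
    fi
}

# On a FreeBSD host:
#   kernel_status "$(uname -r)" "$(freebsd-version -k)"
# Constructed values reproducing the situation in the thread: freebsd-update
# has installed -p15, but the kernel booted earlier (p14 is made up) still runs.
kernel_status 10.1-RELEASE-p14 10.1-RELEASE-p15
```
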
From owner-freebsd-security@freebsd.org Wed Jul 22 13:19:05 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D71749A699D for ; Wed, 22 Jul 2015 13:19:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 932091BB2; Wed, 22 Jul 2015 13:19:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.84 (FreeBSD)) (envelope-from ) id 1ZHtvF-000JNl-14; Wed, 22 Jul 2015 16:18:57 +0300 Date: Wed, 22 Jul 2015 16:18:56 +0300 From: Slawa Olhovchenkov To: freebsd-security@freebsd.org Cc: FreeBSD Security Advisories Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp Message-ID: <20150722131856.GD43740@zxy.spb.ru> References: <20150722025746.721831C32@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150722025746.721831C32@freefall.freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jul 2015 13:19:05 -0000 On Wed, Jul 22, 2015 at 02:57:46AM +0000, FreeBSD Security Advisories wrote: This is correspondent to kern/25986? Or kern/25986 is different bug? 
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-15:13.tcp Security Advisory > The FreeBSD Project > > Topic: Resource exhaustion due to sessions stuck in LAST_ACK state > > Category: core > Module: inet > Announced: 2015-07-21 > Credits: Lawrence Stewart (Netflix, Inc.), > Jonathan Looney (Juniper SIRT) > Affects: All supported versions of FreeBSD. > Corrected: 2015-07-21 23:42:17 UTC (stable/10, 10.2-PRERELEASE) > 2015-07-21 23:42:17 UTC (stable/10, 10.2-BETA1-p1) > 2015-07-21 23:42:17 UTC (stable/10, 10.2-BETA2-p1) > 2015-07-21 23:42:56 UTC (releng/10.1, 10.1-RELEASE-p15) > 2015-07-21 23:42:20 UTC (stable/9, 9.3-STABLE) > 2015-07-21 23:42:56 UTC (releng/9.3, 9.3-RELEASE-p20) > 2015-07-21 23:42:20 UTC (stable/8, 8.4-STABLE) > 2015-07-21 23:42:56 UTC (releng/8.4, 8.4-RELEASE-p34) > CVE Name: CVE-2015-5358 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > The Transmission Control Protocol (TCP) of the TCP/IP protocol suite > provides a connection-oriented, reliable, sequence-preserving data > stream service. > > A socket enters the LAST_ACK state when the local process closes its socket > after a FIN has already been received from the remote peer. The socket > will remain in the LAST_ACK state until the kernel has transmitted a FIN to > the remote peer and the kernel has received an acknowledgement of that FIN > from the remote peer, or all retransmits of the FIN have failed and the > connection times out. > > II. Problem Description > > TCP connections transitioning to the LAST_ACK state can become permanently > stuck due to mishandling of protocol state in certain situations, which in > turn can lead to accumulated consumption and eventual exhaustion of system > resources, such as mbufs and sockets. > > III. 
Impact > > An attacker who can repeatedly establish TCP connections to a victim system > (for instance, a Web server) could create many TCP connections that are > stuck in LAST_ACK state and cause resource exhaustion, resulting in a > denial of service condition. This may also happen in normal operation > where no intentional attack is conducted, but an attacker who can send > specifically crafted packets can trigger this more reliably. > > IV. Workaround > > No workaround is available, but systems that do not provide TCP based > service to untrusted networks are not vulnerable. > > Note that the tcpdrop(8) utility can be used to purge connections which > have become wedged. For example, the following command can be used to > generate commands that would drop all connections whose last rcvtime is > more than 100s: > > netstat -nxp tcp | \ > awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }' > > The system administrator can then run the generated script as a temporary > measure. Please refer to the tcpdump(8) manual page for additional > information. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. 
>
> [FreeBSD 10.1]
> # fetch https://security.FreeBSD.org/patches/SA-15:13/tcp.patch
> # fetch https://security.FreeBSD.org/patches/SA-15:13/tcp.patch.asc
> # gpg --verify tcp.patch.asc
>
> [FreeBSD 9.x and 8.x]
> # fetch https://security.FreeBSD.org/patches/SA-15:13/tcp-9.patch
> # fetch https://security.FreeBSD.org/patches/SA-15:13/tcp-9.patch.asc
> # gpg --verify tcp-9.patch.asc
>
> b) Apply the patch. Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> and reboot the
> system.
>
> VI.  Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path                                                      Revision
> -------------------------------------------------------------------------
> stable/8/                                                         r285779
> releng/8.4/                                                       r285780
> stable/9/                                                         r285779
> releng/9.3/                                                       r285780
> stable/10/                                                        r285778
> releng/10.1/                                                      r285780
> -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
>
> VII. References
>
>
> The latest revision of this advisory is available at
>

From owner-freebsd-security@freebsd.org Thu Jul 23 14:22:26 2015
Subject: Re: OpenSSH max auth tries issue
To: "freebsd-security@freebsd.org"
From: Mike Tancsa
Date: Thu, 23 Jul 2015 10:22:20 -0400

On 7/17/2015 3:19 PM, Mike Tancsa wrote:
> ------------------
> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
> With this vulnerability an attacker is able to request as many password
> prompts limited by the “login graced time” setting, that is set to two
> minutes by default."
>

There is a patch in the OpenSSH tree to mitigate this. Any chance on
bringing this in before 10.2R ships ?
https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab

	---Mike

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

From owner-freebsd-security@freebsd.org Thu Jul 23 19:26:56 2015
Date: Thu, 23 Jul 2015 12:26:49 -0700
From: Xin Li
To: Mike Tancsa, "freebsd-security@freebsd.org"
Subject: Re: OpenSSH max auth tries issue

On 07/23/15 07:22, Mike Tancsa wrote:
> On 7/17/2015 3:19 PM, Mike Tancsa wrote:
>> ------------------
>> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
>>
>> With this vulnerability an attacker is able to request as many password
>> prompts limited by the “login graced time” setting, that is set
>> to two minutes by default."
>>
>>
>
> There is a patch in the OpenSSH tree to mitigate this. Any chance
> on bringing this in before 10.2R ships ?
>
>
> https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab

We will bring in mitigation measure before 10.2R but it would probably
need to be broader than the upstream change.

Note that one should really not configure the system with password based
authentication for SSH anyways: even with this specific issue resolved,
there are still other ways to help brute forcing password over wire.

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die

From owner-freebsd-security@freebsd.org Thu Jul 23 19:29:58 2015
Date: Thu, 23 Jul 2015 12:29:57 -0700
From: Xin Li
To: Slawa Olhovchenkov, freebsd-security@freebsd.org
CC: FreeBSD Security Advisories
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

On 07/22/15 06:18, Slawa Olhovchenkov wrote:
> On Wed, Jul 22, 2015 at 02:57:46AM +0000, FreeBSD Security
> Advisories wrote:
>
> This is correspondent to kern/25986? Or kern/25986 is different
> bug?

I think it's the same bug.

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die

From owner-freebsd-security@freebsd.org Thu Jul 23 19:30:33 2015
Date: Thu, 23 Jul 2015 12:30:33 -0700
From: Xin Li
To: gabor@zahemszky.hu, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

On 07/21/15 23:52, gabor@zahemszky.hu wrote:
>> IV. Workaround
>>
>> No workaround is available, but systems that do not provide TCP
>> based service to untrusted networks are not vulnerable.
>>
>> Note that the tcpdrop(8) utility can be used to purge connections
>> which have become wedged. For example, the following command can
>> be used to generate commands that would drop all connections
>> whose last rcvtime is more than 100s:
>>
>> netstat -nxp tcp | \
>> awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }'
>>
>> The system administrator can then run the generated script as a
>> temporary measure. Please refer to the tcpdump(8) manual page
>> for additional information.
>
> It should be tcpdrop(8), isn't it?

Yes it should be tcpdrop(8).

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die

From owner-freebsd-security@freebsd.org Thu Jul 23 20:48:14 2015
Date: Thu, 23 Jul 2015 23:48:03 +0300
From: Slawa Olhovchenkov
To: d@delphij.net
Cc: freebsd-security@freebsd.org, FreeBSD Security Advisories
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

On Thu, Jul 23, 2015 at 12:29:57PM -0700, Xin Li wrote:
> On 07/22/15 06:18, Slawa Olhovchenkov wrote:
> > On Wed, Jul 22, 2015 at 02:57:46AM +0000, FreeBSD Security
> > Advisories wrote:
> >
> > This is correspondent to kern/25986? Or kern/25986 is different
> > bug?
>
> I think it's the same bug.

I see patch in kern/25986 is different from SA.
May be SA close not all issues?

From owner-freebsd-security@freebsd.org Thu Jul 23 21:33:32 2015
Date: Thu, 23 Jul 2015 14:33:31 -0700
From: Xin Li
To: Slawa Olhovchenkov, d@delphij.net
CC: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

(Bcc'ed some unnamed patch authors so they can correct me if I was wrong).

On 07/23/15 13:48, Slawa Olhovchenkov wrote:
> On Thu, Jul 23, 2015 at 12:29:57PM -0700, Xin Li wrote:
>
>> On 07/22/15 06:18, Slawa Olhovchenkov wrote:
>>> On Wed, Jul 22, 2015 at 02:57:46AM +0000, FreeBSD Security
>>> Advisories wrote:
>>>
>>> This is correspondent to kern/25986? Or kern/25986 is
>>> different bug?
>>
>> I think it's the same bug.
>
> I see patch in kern/25986 is different from SA. May be SA close not
> all issues?

Yes they are different, but I think that one and r284941 (MFC'ed to
stable/10 as r285793) should have addressed all possible situations.

Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die

From owner-freebsd-security@freebsd.org Thu Jul 23 21:56:14 2015
Date: Fri, 24 Jul 2015 00:56:10 +0300
From: Slawa Olhovchenkov
To: d@delphij.net
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

On Thu, Jul 23, 2015 at 02:33:31PM -0700, Xin Li wrote:
> (Bcc'ed some unnamed patch authors so they can correct me if I was wrong
> ).
>
> On 07/23/15 13:48, Slawa Olhovchenkov wrote:
> > On Thu, Jul 23, 2015 at 12:29:57PM -0700, Xin Li wrote:
> >
> >> On 07/22/15 06:18, Slawa Olhovchenkov wrote:
> >>> On Wed, Jul 22, 2015 at 02:57:46AM +0000, FreeBSD Security
> >>> Advisories wrote:
> >>>
> >>> This is correspondent to kern/25986? Or kern/25986 is
> >>> different bug?
> >>
> >> I think it's the same bug.
> >
> > I see patch in kern/25986 is different from SA. May be SA close not
> > all issues?
>
> Yes they are different, but I think that one and r284941 (MFC'ed to
> stable/10 as r285793) should have addressed all possible situations.

: When TCP socket goes to LAST_ACK state & remote host do not respone
: ACK forever, socket would stay at LAST_ACK forever and never be
: removed.

This situation too? Regardless of zero window condition?
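
The advisory quoted earlier in this thread describes sockets accumulating in LAST_ACK, and the message above asks about sockets that stay in that state forever. The following is an added example, not part of the thread and not FreeBSD project code: a small sh/awk check that counts LAST_ACK sockets per remote host from `netstat -an -p tcp` style output. The function names and the sample rows are constructed for illustration, and the input is assumed to carry the foreign address in column 5 and the state in the last column.

```shell
#!/bin/sh
# Added example: summarise TCP sockets sitting in LAST_ACK.
# Input on stdin is assumed to look like FreeBSD `netstat -an -p tcp`:
#   Proto Recv-Q Send-Q Local Address  Foreign Address  (state)
# With -n, addresses are printed as host.port for both IPv4 and IPv6.

# Print "count host" for every foreign host that has at least $1
# (default 1) sockets in LAST_ACK, busiest host first.
last_ack_by_host() {
    min="${1:-1}"
    awk -v min="$min" '
        # Data rows start with tcp4/tcp6/tcp46; header rows do not.
        $1 ~ /^tcp/ && $NF == "LAST_ACK" {
            host = $5
            sub(/\.[0-9]+$/, "", host)   # drop the trailing .port
            n[host]++
        }
        END {
            for (h in n)
                if (n[h] >= min)
                    print n[h], h
        }' | sort -k1,1nr -k2,2
}

# Print the total number of LAST_ACK sockets in the input.
last_ack_total() {
    awk '$1 ~ /^tcp/ && $NF == "LAST_ACK" { c++ } END { print c + 0 }'
}

# Succeed (exit status 0) when the total exceeds the limit given as $1,
# so the check can drive an alert from cron or a monitoring agent.
last_ack_exceeds() {
    limit="$1"
    total=$(last_ack_total)
    [ "$total" -gt "$limit" ]
}

# Constructed sample rows (documentation address ranges), not real output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          198.51.100.7.51514     LAST_ACK
tcp4       0      0 192.0.2.10.80          198.51.100.7.51515     LAST_ACK
tcp4       0      0 192.0.2.10.80          198.51.100.7.51516     LAST_ACK
tcp6       0      0 2001:db8::10.443       2001:db8::5.40022      LAST_ACK
tcp4       0      0 192.0.2.10.22          203.0.113.9.60211      ESTABLISHED
tcp4       0      0 *.22                   *.*                    LISTEN
EOF
}

# Demo on the constructed sample. On a live host, replace sample_netstat
# with: netstat -an -p tcp
sample_netstat | last_ack_by_host 1
```

Run periodically against live `netstat -an -p tcp` output, a LAST_ACK total that keeps growing between runs matches the accumulation the advisory describes, and the per-host counts show where to look before applying the advisory's tcpdrop(8) workaround.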