Date: Wed, 9 Dec 2020 06:58:49 +0100
From: "Hartmann, O."
To: freebsd-security@freebsd.org
Cc: freebsd-current@freebsd.org
Subject: AMNESIA:33 and FreeBSD TCP/IP stack involvement
Message-ID: <20201209065849.47a51561@hermann.fritz.box>
Organization: walstatt.org

Hello,

I've got a question about recently discovered serious vulnerabilities in certain TCP stack implementations, designated as AMNESIA:33 (as far as I could follow the recently made announcements and statements, please see, for instance, https://www.zdnet.com/article/amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices/).

All mentioned open-source TCP stacks seem not to be related in any way with FreeBSD or any derivative of the FreeBSD project, but I do not dare to make a statement about that.

My question is very simple and aims towards calming down my employees' requests: is FreeBSD potentially vulnerable to this newly discovered flaw (we use mainly 12.1-RELENG, 12.2-RELENG, 12-STABLE and 13-CURRENT, latest incarnations, of course, should be least vulnerable ...).

Thanks in advance,

O. Hartmann