Date: Tue, 29 Dec 2020 12:50:17 -0700 From: "Kurt Buff, GSEC/GCIH/PCIP" <kurt.buff@gmail.com> To: "Hartmann, O." <ohartmann@walstatt.org> Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: AMNESIA:33 and FreeBSD TCP/IP stack involvement Message-ID: <CADy1Ce4jEsqBn1EEYk_H1cXC9RX-ASRCd=2-Ooh48_y68d=LQw@mail.gmail.com> In-Reply-To: <20201209065849.47a51561@hermann.fritz.box> References: <20201209065849.47a51561@hermann.fritz.box>
next in thread | previous in thread | raw e-mail | index | archive | help
Recently seen: https://treck.com/vulnerability-response-information/ and https://github.com/Forescout/project-memoria-detector HTH, Kurt On Tue, Dec 8, 2020 at 10:59 PM Hartmann, O. <ohartmann@walstatt.org> wrote: > > Hello, > I've got a question about recently discovered serious vulnerabilities > in certain TCP stack implementations, designated as AMNESIA:33 (as far > as I could follow the recently made announcements and statements, > please see, for instance, > https://www.zdnet.com/article/amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices/). > > All mentioned open-source TCP stacks seem not to be related in any way > with freeBSD or any derivative of the FreeBSD project, but I do not > dare to make a statement about that. > > My question is very simple and aimes towards calming down my employees > requests: is FreeBSD potentially vulnerable to this newly discovered > flaw (we use mainly 12.1-RELENG, 12.2-RELENG, 12-STABLE and 13-CURRENT, > latest incarnations, of course, should be least vulnerable ...). > > Thanks in advance, > > O. Hartmann
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADy1Ce4jEsqBn1EEYk_H1cXC9RX-ASRCd=2-Ooh48_y68d=LQw>