From owner-freebsd-security@FreeBSD.ORG  Thu Jan 29 15:51:46 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id E43866D
 for <freebsd-security@freebsd.org>; Thu, 29 Jan 2015 15:51:46 +0000 (UTC)
Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com
 [IPv6:2607:f8b0:4001:c03::234])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 98A85DAE
 for <freebsd-security@freebsd.org>; Thu, 29 Jan 2015 15:51:46 +0000 (UTC)
Received: by mail-ie0-f180.google.com with SMTP id rl12so35206503iec.11
 for <freebsd-security@freebsd.org>; Thu, 29 Jan 2015 07:51:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=Ks4vkTKol+X6DuwZqVxmztkW3r3U3QTIEsG+NvhEMTI=;
 b=h5d94bsEesdIZAstlfuZDBG/mEeqJw1ZjvxMKpYtBY27wEJZo1pzzGkJO7viPDeNFH
 bmZcidKConyupuO1W3ejAGyRiW1J8grKXyMiaLP55FVMXFfmoxQ7NbdP170z+v2nNbcg
 yPjPJYEdsZWhSXC/53LwrS32A+MflEoq68WwHD/ByULoMCs70P0k019lvBfAfDzkdWfO
 rKXXTbliuAeuEt2TFzLVhpsMHiP9L7aJ1RVFKDvapxR7uX8hEo2iH/xolBPaDk4OtU34
 Hy7Ify2XAwTtsRRAAi2DgH62lF0CnD2n7K/pFC7YA31/os3F0362T6DgMg+eS98TcbQX
 7IdA==
MIME-Version: 1.0
X-Received: by 10.42.21.78 with SMTP id j14mr1183642icb.43.1422546705613; Thu,
 29 Jan 2015 07:51:45 -0800 (PST)
Received: by 10.36.8.215 with HTTP; Thu, 29 Jan 2015 07:51:45 -0800 (PST)
In-Reply-To: <20150129143111.GA29167@in-addr.com>
References: <mailman.92.1422446402.71362.freebsd-security@freebsd.org>
 <20150128194011.2175B19F@hub.freebsd.org>
 <20150128211910.80082283DA18@rock.dv.isc.org>
 <54C966BF.9000803@rewt.org.uk> <54C9837C.8090704@akips.com>
 <CAKE2PDsC8dvx23H5DZ_b90F7PmPr3LB8kyw68SbuHgF4Hb+nkA@mail.gmail.com>
 <20150130011402.P36378@sola.nimnet.asn.au>
 <20150129143111.GA29167@in-addr.com>
Date: Thu, 29 Jan 2015 10:51:45 -0500
Message-ID: <CA+QLa9AO65BYOe5yCPdJYbHdnXFK_fm4RAGW0NP4O8Qo+nt4bg@mail.gmail.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-security@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2015 15:51:47 -0000

Nonsense. Throw out a protocol that is more resistant to
Man-In-The-Middle and DDoS attacks due to an implementation bug? This
is a protocol that is built on lessons learned from TCP.

What should be done is more work improving the implementation and
widening the usage and uptake of SCTP.

On Thu, Jan 29, 2015 at 9:31 AM, Gary Palmer <gpalmer@freebsd.org> wrote:
> So even if you don't use SCTP, if someone got a shell on your box
> they could potentially use SCTP to get root or modify kernel memory
> to break out of a jail, etc.
>
> In other words, you don't necessarily need to use SCTP to be affected
> by vulnerabilities in it.