Date: Thu, 5 Feb 2004 15:12:30 +0800
From: Xin LI <delphij@frontfree.net>
To: Syahrul Sazli Shaharir <sazli@jaring.my>
Cc: freebsd-security@freebsd.org
Subject: Re: Status Check: CVE CAN-2004-0002
Message-ID: <20040205071230.GA34699@frontfree.net>
In-Reply-To: <20040205103946.W1640@localhost>
References: <20040205103946.W1640@localhost>

On Thu, Feb 05, 2004 at 10:58:30AM +0800, Syahrul Sazli Shaharir wrote:
> Just want to ask about the status of this:-
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002

Some discussion took place about this issue. Unfortunately, the commit seemed to be generating some problems, and that delayed the MFC to -STABLE. This will hopefully be better resolved, and you may want to manually apply the -STABLE patch available here:

http://www.nrg4u.com/freebsd/tcpminmss-4stable-20040107.diff

In my test, the patch will mitigate MSS exhaustion attacks, but it also disrupts some normal operations, for example, if you ssh to a remote box and do mergemaster and the computer responds fast enough, the connection will be dropped, if you did not set the sysctls properly.

I am looking for some other mechanisms for mitigating this issue. You may want to consult andre@ for detailed information.

-- 
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.