From owner-freebsd-current@FreeBSD.ORG Thu Apr 22 09:03:56 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E17216A4CF for ; Thu, 22 Apr 2004 09:03:56 -0700 (PDT) Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8527843D2D for ; Thu, 22 Apr 2004 09:03:55 -0700 (PDT) (envelope-from andre@freebsd.org) Received: (qmail 89804 invoked from network); 22 Apr 2004 16:03:54 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP for ; 22 Apr 2004 16:03:54 -0000 Message-ID: <4087ECE9.E74B7EF3@freebsd.org> Date: Thu, 22 Apr 2004 18:03:54 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: current@freebsd.org, net@freebsd.org, security@freebsd.org Content-Type: multipart/mixed; boundary="------------408A56302E1216CAA90B06A1" Subject: [Fwd: NetBSD Security Advisory 2004-006: TCP protocol andimplementation vulnerability] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Apr 2004 16:03:56 -0000 This is a multi-part message in MIME format. --------------408A56302E1216CAA90B06A1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit FYI --------------408A56302E1216CAA90B06A1 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mozilla-Status2: 00000000 Message-ID: <4087C5B4.D80833B1@freebsd.org> Date: Thu, 22 Apr 2004 15:16:36 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: bugtraq@securityfocus.com Subject: Re: NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability References: <20040421181435.GR8091@mail> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit The additional implementation flaw of BSD based TCP/IP stacks has been fixed in FreeBSD in revision 1.81 of tcp_input.c in 1998 for FreeBSD 2.2 and 3.0 and all releases since about six years ago. -- Andre NetBSD Security-Officer wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > NetBSD Security Advisory 2004-006 > ================================= > > Topic: TCP protocol and implementation vulnerability > > Severity: Serious (TCP disconnected by malicious party, unwanted data > injected into TCP stream) > > Abstract > ======== > > The longstanding TCP protocol specification has several weaknesses. > (RFC793): > > - - fabricated RST packets from a malicious third party can tear down a > TCP session > - - fabricated SYN packets from a malicious third party can tear down a > TCP session > - - a malicious third party can inject data to TCP session without much > difficulty > > NetBSD also had an additional implementation flaw, which made these > attacks easier. --------------408A56302E1216CAA90B06A1--