From owner-freebsd-security@FreeBSD.ORG Mon May 23 16:28:02 2005 Return-Path: X-Original-To: security@freebsd.org Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD3FD16A41C for ; Mon, 23 May 2005 16:28:02 +0000 (GMT) (envelope-from nectar@FreeBSD.org) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 75C0B43D48 for ; Mon, 23 May 2005 16:28:02 +0000 (GMT) (envelope-from nectar@FreeBSD.org) Received: from lum.celabo.org (lum.celabo.org [10.0.1.107]) by gw.celabo.org (Postfix) with ESMTP id ED7023E2D33; Mon, 23 May 2005 11:28:01 -0500 (CDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by lum.celabo.org (Postfix) with ESMTP id AD2A9FA14C; Mon, 23 May 2005 11:28:00 -0500 (CDT) In-Reply-To: <20050519105313.GC2724@unixpages.org> References: <20050519105313.GC2724@unixpages.org> Mime-Version: 1.0 (Apple Message framework v728) Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-1--1028004459" Message-Id: <97D5BFC7-D07D-4DB5-A6C2-D4C71C679CA4@FreeBSD.org> Content-Transfer-Encoding: 7bit From: Jacques Vidrine Date: Mon, 23 May 2005 11:27:12 -0500 To: Christian Brueffer X-Pgp-Agent: GPGMail 1.1 (Tiger) X-Mailer: Apple Mail (2.728) Cc: security@freebsd.org Subject: Re: TCP timestamp vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 May 2005 16:28:04 -0000 --Apple-Mail-1--1028004459 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed On May 19, 2005, at 5:53 AM, Christian Brueffer wrote: > Hi, > > fixes for the vulnerability described in http://www.kb.cert.org/ > vuls/id/637934 > were checked in to CURRENT and RELENG_5 by ps in April. > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c > > Revisions 1.270 and 1.252.2.16 > > He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with > it. > > My guess is that he didn't notify you guys either. > > I stumbled upon this through a Heise News article at > http://www.heise.de/newsticker/meldung/59672. Sent them an update > about > the fixed branches, but they'd like to know why this wasn't > communicated > back to US-CERT yadda yadda yadda. Thanks, Christian. No, ps@ didn't point it out. It gets a little confusing too, since I see that the work was submitted by multiple folks, one of which reported another related vulnerability to us on May 18 (7 days after that commit). Now to try to untangle what is what ... -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org --Apple-Mail-1--1028004459 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFCkgSPjDKM/xYG25URArAnAKCN1YwkK/jr3fGSNkU2bdPoHS0aoQCdHH5n YlN9I4ebA3qqgEFDI4eNUao= =mwFb -----END PGP SIGNATURE----- --Apple-Mail-1--1028004459--