From owner-freebsd-stable@FreeBSD.ORG Thu Jul 8 13:03:07 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F48816A4CE; Thu, 8 Jul 2004 13:03:07 +0000 (GMT) Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [204.127.202.64]) by mx1.FreeBSD.org (Postfix) with ESMTP id D50D243D5C; Thu, 8 Jul 2004 13:03:06 +0000 (GMT) (envelope-from rodrigc@crodrigues.org) Received: from h00609772adf0.ne.client2.attbi.com ([66.30.114.143]) by comcast.net (sccrmhc13) with ESMTP id <2004070813030501600o4623e>; Thu, 8 Jul 2004 13:03:06 +0000 Received: from h00609772adf0.ne.client2.attbi.com (localhost [127.0.0.1]) i68D3CRh077413; Thu, 8 Jul 2004 09:03:13 -0400 (EDT) (envelope-from rodrigc@h00609772adf0.ne.client2.attbi.com) Received: (from rodrigc@localhost)i68D3CBk077409; Thu, 8 Jul 2004 09:03:12 -0400 (EDT) (envelope-from rodrigc) Date: Thu, 8 Jul 2004 09:03:11 -0400 From: Craig Rodrigues To: amith bc Message-ID: <20040708130311.GA69588@crodrigues.org> References: <20040708124837.48978.qmail@web40412.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040708124837.48978.qmail@web40412.mail.yahoo.com> User-Agent: Mutt/1.4.1i cc: freebsd-stable@FreeBSD.org cc: freebsd-questions@FreeBSD.org Subject: Re: free bsd4.4 lite X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jul 2004 13:03:07 -0000 On Thu, Jul 08, 2004 at 05:48:37AM -0700, amith bc wrote: > And how is TCP Reset spoofing vulnerability taken care > in BSD? Pl. refer this site which talks of this > vulnerability. > http://www.osvdb.org/displayvuln.php?osvdb_id=4030. > Related issue to this is > http://www.osvdb.org/displayvuln.php?osvdb_id=6094 for > which BSD has given patches. Please help as this is > critical to our project. Do you work for IBM, or under contract to IBM? I remember when I used OS/2 about 7 years ago that the people at IBM in North Carolina had ported their TCP stack from BSD Unix. IBM's port may be earlier than when FreeBSD 4.4 was released. You may be using the "4.4 BSD Lite version", which would map to FreeBSD 2.2 or so. Look at: http://www.freebsd.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree?rev=1.81 for a comprehensive list of BSD versions out there. For a CVS log of the FreeBSD version of the file which you are interested in, look at: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c There have been some TCP reset changes since FreeBSD 2.2 (which is quite an old version). -- Craig Rodrigues http://crodrigues.org rodrigc@crodrigues.org