Date: 03 Jan 2002 16:07:55 -0500 From: Joe Clarke <marcus@marcuscom.com> To: msch@snafu.de Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, Peter.Sauerland@siemens.com, iss@cert.siemens.de Subject: Re: TCP Sequence-Prediction (4.5-PRE) Message-ID: <1010092075.86152.20.camel@shumai.marcuscom.com> In-Reply-To: <E16MExc-0003MK-00@clever.eusc.inter.net> References: <E16MExc-0003MK-00@clever.eusc.inter.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2002-01-03 at 15:59, Matthias Schuendehuette wrote: > Hello, > > my machine at work was scanned with the ISS Scanner, Vers. 6.2.1 and it > complained about TCP Sequence Prediction: > > 'The TCP sequence was found to be predictable.' > > I was advised to install FreeBSD 4.1.1-STABLE after 2000-09-28 or later > :-) as listed in FreBSD-SA-00:52. > > I looked at the published Patch in FreBSD-SA-00:52 but couldn't find > the Sourcecode Sequence to be patched any more (I wasn't wondering). > > But so, what shall I do, who's to blame? Is the ISS lying? Is there any > advice from the FreeBSD Security Officer or the developers how to > proceed further? Is this what you're looking for: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00%3A52/tcp-iss.patch Joe > > TIA - Matthias > > -- > *************************************************************************** > * Matthias Schuendehuette msch@snafu.de * > * Solmsstrasse 44 * > * D-10961 Berlin Engineering Systems Support and Operation * > * Germany (Powered by FreeBSD 4.5-PRERELEASE) * > *************************************************************************** > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1010092075.86152.20.camel>