Date: Fri, 12 Jan 2018 18:41:15 +1100
From: Peter Jeremy <peter@rulingia.com>
To: Brahmanand Reddy <brahma.gdb@gmail.com>
Cc: freebsd-security@FreeBSD.org
Subject: Re: Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Message-ID: <20180112074115.GB75633@server.rulingia.com>
In-Reply-To: <CAKsRH7k=daNfKzjVoyqhDeXj5Z1G1C5-Xt4uA2LRs3dUsGZKyw@mail.gmail.com>
References: <CAKsRH7nsVmhSMUT7TNzGfuN55_J9BkLBzO=8dvjLGvOZtri%2BuQ@mail.gmail.com>
 <CAKsRH7nsUfkkLfoEuJXBcVpH%2BgnNRpLNb0fjxkJN-xKQnenuQg@mail.gmail.com>
 <44k1wnes1w.fsf@be-well.ilk.org>
 <CAKsRH7=hyRPG6vEUi_tYSUXtSr58WKoegaDhNzG_qSQie=aUpQ@mail.gmail.com>
 <20180112061425.GA75633@server.rulingia.com>
 <CAKsRH7k=daNfKzjVoyqhDeXj5Z1G1C5-Xt4uA2LRs3dUsGZKyw@mail.gmail.com>

On 2018-Jan-12 12:33:21 +0530, Brahmanand Reddy <brahma.gdb@gmail.com> wrote:
>TCP uses weak initial sequence numbers
>https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc

As has been pointed out to you several times in this thread, that SA is
nearly 20 years old and there is no evidence that TCP on any recent FreeBSD
uses weak ISNs.

>actually "arc4random()" will take care on https://github.com/freebsd/freebsd/blob/master/sys/netinet/tcp_subr.c#L2374

Without studying the code in detail, that code appears to correctly use
arc4random() to initialise the ISN - which is as expected.

> I suspecting 10.4 already having fix... but i didn't found on exactly
>which this problem from https://www.freebsd.org/security/patches/

Well, the original patch is https://www.freebsd.org/security/patches/SA-00%3A52/
and was committed as what is now
https://svnweb.freebsd.org/base?view=revision&revision=66433

Since that patch is integrated into the FreeBSD codebase, there's no need
to update the contents of https://www.freebsd.org/security/patches/SA-00%3A52/
and it is not relevant to the current codebase.

> i would like expecting where is the fix in 10,4 kernel.

That code was re-written in r82122, retaining the use of arc4random() for
ISN initialisation. As a result, it's no longer possible to point at
specific code and say "that code fixes weak TCP ISNs".

--
Peter Jeremy