Date: Fri, 12 Jan 2018 08:16:38 +0530 From: Brahmanand Reddy <brahma.gdb@gmail.com> To: freebsd-security@freebsd.org Subject: Re: Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch Message-ID: <CAKsRH7=hyRPG6vEUi_tYSUXtSr58WKoegaDhNzG_qSQie=aUpQ@mail.gmail.com> In-Reply-To: <44k1wnes1w.fsf@be-well.ilk.org> References: <CAKsRH7nsVmhSMUT7TNzGfuN55_J9BkLBzO=8dvjLGvOZtri%2BuQ@mail.gmail.com> <CAKsRH7nsUfkkLfoEuJXBcVpH%2BgnNRpLNb0fjxkJN-xKQnenuQg@mail.gmail.com> <44k1wnes1w.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Lowell,
Yes its has been fixed 20 years back, but this patch not available on
10.2/10.4 source code, still the problem exist on 10.4 too, Please find
below snip of patch
Index: tcp_seq.h
===================================================================
RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- tcp_seq.h 1999/12/29 04:41:02 1.11
+++ tcp_seq.h 2000/09/29 01:37:19 1.12
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)tcp_seq.h 8.3 (Berkeley) 6/21/95
- * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.11 1999/12/29 04:41:02 peter
Exp $
+ * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.12 2000/09/29 01:37:19 kris Exp
$
*/
#ifndef _NETINET_TCP_SEQ_H_
@@ -91,7 +91,7 @@
* number in the range [0-0x3ffff] that is hard to predict.
*/
#ifndef tcp_random18
-#define tcp_random18() ((random() >> 14) & 0x3ffff)
+#define tcp_random18() (arc4random() & 0x3ffff)
#endif
#define TCP_ISSINCR (122*1024 + tcp_random18())
Index: tcp_subr.c
===================================================================
RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- tcp_subr.c 2000/09/25 23:40:22 1.80
+++ tcp_subr.c 2000/09/29 01:37:19 1.81
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
- * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.80 2000/09/25 23:40:22
bmilekic Exp $
+ * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.81 2000/09/29 01:37:19 kris
Exp $
*/
#include "opt_compat.h"
@@ -178,7 +178,7 @@
{
int hashsize;
- tcp_iss = random(); /* wrong, but better than a constant */
+ tcp_iss = arc4random(); /* wrong, but better than a constant */
tcp_ccgen = 1;
tcp_cleartaocache();
i suspect 10.4.& above the patch is released, but i didn't found exactly
/corresponding from https://www.freebsd.org/security/patches/
i would expecting .. confirm the relevant patch for this problem
Kindly correct me anything missing
Regards,
Brahma
On Fri, Jan 12, 2018 at 7:50 AM, Lowell Gilbert <
freebsd-security-local@be-well.ilk.org> wrote:
> Brahmanand Reddy <brahma.gdb@gmail.com> writes:
>
> >>
> >> Dear Team,
> >>
> >> Thanks for responding.
> >>
> >> Please share the corresponding FreeBSD-SA-00:52(*TCP uses weak initial
> >> sequence numbers*) latest patch.
> >>
> >> the original problem reported on :
> >> https://www.freebsd.org/security/advisories/FreeBSD-
> SA-00%3A52.tcp-iss.asc
> >>
> >> below list of similar CVEs
> >>
> >> CVE-2001-0328
> >> CVE- 1999-0077
> >> CVE-2000-0916
> >>
> >>
> >> Thanks and regards,
> >> Brahma
>
> Those reports were fixed in FreeBSD almost 20 years ago,
> so you already have the fixes.
>
> Moreover, it seems silly to worry about minor security
> patches when you're running a FreeBSD release that has
> been out of support for over a year.
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKsRH7=hyRPG6vEUi_tYSUXtSr58WKoegaDhNzG_qSQie=aUpQ>