Date: Fri, 12 Jan 2018 06:50:45 +0530
From: Brahmanand Reddy <brahma.gdb@gmail.com>
To: Postmaster Team <postmaster@freebsd.org>, freebsd-security-owner@freebsd.org, FreeBSD-security@freebsd.org
Subject: Re: Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Message-ID: <CAKsRH7kX_61MxjK32h0zYc=MejPTYMX6BxAjAfuuRVUxpGhZwg@mail.gmail.com>
In-Reply-To: <20180111171545.GC68137@fc.opsec.eu>
References: <CAKsRH7nsVmhSMUT7TNzGfuN55_J9BkLBzO=8dvjLGvOZtri%2BuQ@mail.gmail.com> <20180111171545.GC68137@fc.opsec.eu>

Hi Kurt,

Thanks a lot for responding to my mail.

Please explain why you think this should be an issue for FreeBSD 10.2 ?

Currently I am using 10.2 and 10.4. I found that this problem/vulnerability still exists, using the script below:

#!/usr/local/bin/python
import random

from scapy.all import *

# VARIABLES
src = str(input('IP SRC: '))
dst = str(input('IP DST: '))
sport = random.randint(1024,65535)
dport = int(input("DST PORT: "))

# SYN
ip=IP(src=src,dst=dst)
SYN=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576), ack=0)
SYNACK=sr1(ip/SYN)
print('Seq1 Number is :',SYNACK[TCP].seq)  # ==> Seq1

# RST
RST=TCP(sport=sport, dport=dport, flags='R', seq=SYNACK.ack, ack=0)
send(ip/RST)

# SYN
SYN2=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576), ack=0)
SYNACK2=sr1(ip/SYN2)
print('Seq2 Number is :',SYNACK2[TCP].seq)  # ==> same ISN number I observed/am receiving

I mean seq1=seq2, the TCP ISN is being reused.

I think the patch is available from 10.4 onwards, but I didn't find an exact/similar patch at https://www.freebsd.org/security/patches/

It would be great if you could confirm which is the corresponding latest patch with which this problem would be solved.

Kindly correct me if I am missing anything.

Sincerely,
Brahma

On Thu, Jan 11, 2018 at 10:45 PM, Kurt Jaeger <pi@freebsd.org> wrote:

> Hi!
>
> > Please share the corresponding FreeBSD-SA-00:52(*TCP uses weak initial
> > sequence numbers*) latest patch.
> >
> > the original problem reported on :
> > https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc
>
> That's a security announcement for FreeBSD 3.x to 5.x.
>
> Please explain why you think this should be an issue for FreeBSD 10.2 ?
>
> And, by the way: FreeBSD 10.2 is an old, no-longer supported version.
>
> https://www.freebsd.org/releases/
>
> lists which versions are still supported.
>
> --
> pi@FreeBSD.org +49 171 3101372 2 years to go !
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKsRH7kX_61MxjK32h0zYc=MejPTYMX6BxAjAfuuRVUxpGhZwg>
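
The script in the message above compares only two SYN-ACK sequence numbers. The following is an added example, not part of the original e-mail or of FreeBSD: it summarises a longer list of already-collected server ISNs offline, using wraparound-aware differences. The function names, the `small_step` threshold and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Forward differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess_isns(isns, small_step=1 << 16):
    """Summarise server ISNs collected from repeated handshakes.

    small_step is an assumed threshold for this example, not a standard value.
    """
    if len(isns) < 2:
        raise ValueError("need at least two ISNs to compare")
    deltas = isn_deltas(isns)
    repeated = sorted(v for v, n in Counter(isns).items() if n > 1)
    # Signed view, so a small backwards step also counts as "small".
    signed = [d - MOD if d >= MOD // 2 else d for d in deltas]
    return {
        "repeated": repeated,
        # Same increment every time (needs at least two deltas to say so).
        "constant_step": len(deltas) > 1 and len(set(deltas)) == 1,
        "small_steps": sum(1 for d in signed if abs(d) < small_step),
        "deltas": deltas,
    }


def verdict(report):
    """Name the first simple pattern found; none found is not proof of randomness."""
    if report["repeated"]:
        return "repeated ISN"
    if report["constant_step"]:
        return "constant increment"
    if report["small_steps"] == len(report["deltas"]):
        return "small increments only"
    return "no simple pattern"


# Constructed sample values, not captured from any real host.
SAMPLES = {
    "same twice": [3105550012, 3105550012],
    "fixed +64000": [4294900000, 4294964000, 60704, 124704],  # wraps past 2**32
    "scattered": [912345678, 3456789012, 123456789, 2890123456],
}

if __name__ == "__main__":
    for name, isns in SAMPLES.items():
        print(name, "->", verdict(assess_isns(isns)))
```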