Date:      Fri, 12 Jan 2018 06:50:45 +0530
From:      Brahmanand Reddy <brahma.gdb@gmail.com>
To:        Postmaster Team <postmaster@freebsd.org>, freebsd-security-owner@freebsd.org, FreeBSD-security@freebsd.org
Subject:   Re: Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Message-ID:  <CAKsRH7kX_61MxjK32h0zYc=MejPTYMX6BxAjAfuuRVUxpGhZwg@mail.gmail.com>
In-Reply-To: <20180111171545.GC68137@fc.opsec.eu>
References:  <CAKsRH7nsVmhSMUT7TNzGfuN55_J9BkLBzO=8dvjLGvOZtri%2BuQ@mail.gmail.com> <20180111171545.GC68137@fc.opsec.eu>

Hi Kurt,

Thanks a lot for responding to my mail.

Please explain why you think this should be an issue for FreeBSD 10.2 ?

Currently I am using 10.2 and 10.4, and I found that this problem/vulnerability
still exists, using the script below:

#!/usr/local/bin/python
import random  # needed for random.randint() below

from scapy.all import *

# VARIABLES
src = str(input('IP SRC: '))
dst = str(input('IP DST: '))

sport = random.randint(1024,65535)
dport = int(input("DST PORT: "))


# SYN: open a connection attempt and record the ISN from the SYN-ACK
ip=IP(src=src,dst=dst)
SYN=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576),ack=0)
SYNACK=sr1(ip/SYN)
print('Seq1 Number is :',SYNACK[TCP].seq)   # ==> Seq1

# RST: reset the connection attempt
RST=TCP(sport=sport, dport=dport, flags='R', seq=SYNACK.ack, ack=0)
send(ip/RST)

# SYN: second attempt from the same source port
SYN2=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576),ack=0)
SYNACK2=sr1(ip/SYN2)
print('Seq2 Number is :',SYNACK2[TCP].seq)  # ==> I observed/received the same ISN number.

I mean seq1 = seq2; the TCP ISN is being reused.

I think the patch is available from 10.4 onwards, but I didn't find the
exact or a similar patch at https://www.freebsd.org/security/patches/

It would be great if you could confirm which latest patch solves this
problem. Kindly correct me if I am missing anything.


Sincerely,
Brahma




On Thu, Jan 11, 2018 at 10:45 PM, Kurt Jaeger <pi@freebsd.org> wrote:

> Hi!
>
> > Please share the corresponding FreeBSD-SA-00:52(*TCP uses weak initial
> > sequence numbers*) latest patch.
> >
> > the original problem reported on :
> > https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc
>
> That's a security announcement for FreeBSD 3.x to 5.x.
>
> Please explain why you think this should be an issue for FreeBSD 10.2 ?
>
> And, by the way: FreeBSD 10.2 is an old, no-longer supported version.
>
> https://www.freebsd.org/releases/
>
> lists which versions are still supported.
>
> --
> pi@FreeBSD.org         +49 171 3101372                2 years to go !
>
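
Added example (not part of the original message or of FreeBSD's code): an offline Python check for the comparison the script above makes by eye. It takes (source port, ISN) pairs recorded from SYN-ACKs and reports repeats on a reused source port separately from repeats across different ports and from small increments; the function names, the 65536 threshold and the sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def forward_delta(first, second):
    """Distance from first to second in 32-bit sequence space."""
    return (second - first) % SEQ_SPACE


def analyse_isns(samples, small_step=65536):
    """samples: (src_port, isn) pairs in the order the SYN-ACKs arrived.

    small_step is an assumed threshold for "suspiciously close" ISNs.
    """
    ports_by_isn = defaultdict(set)
    seen = set()
    same_port_repeats = []
    for port, isn in samples:
        ports_by_isn[isn].add(port)
        # Same source port and same ISN: the seq1 == seq2 case in the mail.
        if (port, isn) in seen and (port, isn) not in same_port_repeats:
            same_port_repeats.append((port, isn))
        seen.add((port, isn))
    # The same ISN handed to different source ports is a separate finding.
    cross_port_repeats = sorted(i for i, p in ports_by_isn.items() if len(p) > 1)
    deltas = [forward_delta(a[1], b[1]) for a, b in zip(samples, samples[1:])]
    small_steps = [d for d in deltas if 0 < d < small_step]
    return {
        "same_port_repeats": same_port_repeats,
        "cross_port_repeats": cross_port_repeats,
        "deltas": deltas,
        "small_steps": small_steps,
    }


# Constructed sample data (not measurements from any real host).
CONSTRUCTED_SAMPLES = [
    (40001, 3141592653),
    (40001, 3141592653),  # same source port, same ISN
    (40002, 1027182818),
    (40003, 1027182946),  # 128 above the previous ISN
    (40004, 4294967200),
    (40005, 100),         # wraps past 2**32
]

if __name__ == "__main__":
    for key, value in analyse_isns(CONSTRUCTED_SAMPLES).items():
        print(key, value)
```

Collecting samples from several different source ports, not only a reused one, keeps the three findings from being conflated.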


