PAWS security vulnerability

Ted Mittelstaedt tedm at toybox.placo.com
Thu May 19 12:05:15 PDT 2005


Hi Tim,

  Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
rewritten for FreeBSD 4.11.  YMMV.  If it works I would submit it to the
FreeBSD security list.  The only change I made is OpenBSD defines "tiflags",
FreeBSD defines "thflags"; I assume they are the same thing.  The file is in
/usr/src/sys/netinet.

Turning off the timestamps would be a good way to make your network go slow.

*** tcp_input.c.original        Thu May 19 11:52:30 2005
--- tcp_input.c Thu May 19 12:00:14 2005
***************
*** 976,984 ****
--- 976,992 ----
                 * record the timestamp.
                 * NOTE that the test is modified according to the latest
                 * proposal of the tcplw at cray.com list (Braden
1993/04/26).
+                * NOTE2 additional check added as a result of PAWS
vulnerability
+                * documented in Cisco security notice
cisco-sn-20050518-tcpts
+                * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
                 */
                if ((to.to_flags & TOF_TS) != 0 &&
                    SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+                       if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
+
+                               ((thflags & (TH_SYN|TH_FIN)) != 0)))
+                                 tp->ts_recent = to.to_tsval;
+                       else
+                               tp->ts_recent = 0;
                        tp->ts_recent_age = ticks;
                        tp->ts_recent = to.to_tsval;
                }
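
Review bot: The unchanged "tp->ts_recent = to.to_tsval;" that still follows "tp->ts_recent_age = ticks;" at the end of the block overwrites whatever the new if/else has just stored, so the else branch that sets "tp->ts_recent = 0" never takes effect and the added check on last_ack_sent against th_seq + tlen changes nothing. That trailing assignment should be deleted (it needs to appear as a removed line in the diff) so that ts_recent is written only inside the new conditional. Separately, the mailer has wrapped several hunk lines (the NOTE2 comment lines and the "th->th_seq + tlen +" expression), so the patch will not apply as posted; resending it as an attachment would avoid that.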

Ted

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Tim Traver
> Sent: Thursday, May 19, 2005 10:09 AM
> To: bsd
> Subject: PAWS security vulnerability
>
>
> Hi all,
>
> OK, this article was just published about a PAWS TCP DoS vulnerability,
> and lists FreeBSD 4.x as affected.
>
> http://www.securityfocus.com/bid/13676/info/
>
> Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x?
>
> And is 5.4 affected too?
>
> Tim.