PAWS security vulnerability
Ted Mittelstaedt
tedm at toybox.placo.com
Thu May 19 12:05:15 PDT 2005
Hi Tim,
Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
rewritten for FreeBSD 4.11. YMMV. If it works I would submit it to the
FreeBSD security list. The only change I made is that OpenBSD defines
"tiflags" where FreeBSD defines "thflags"; I assume they are the same
thing. The file is in /usr/src/sys/netinet.
Turning off the timestamps would be a good way to make your network go
slow.
*** tcp_input.c.original Thu May 19 11:52:30 2005
--- tcp_input.c Thu May 19 12:00:14 2005
***************
*** 976,984 ****
--- 976,992 ----
* record the timestamp.
* NOTE that the test is modified according to the latest
* proposal of the tcplw at cray.com list (Braden
1993/04/26).
+ * NOTE2 additional check added as a result of PAWS
vulnerability
+ * documented in Cisco security notice
cisco-sn-20050518-tcpts
+ * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
*/
if ((to.to_flags & TOF_TS) != 0 &&
SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+ if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
+
+ ((thflags & (TH_SYN|TH_FIN)) != 0)))
+ tp->ts_recent = to.to_tsval;
+ else
+ tp->ts_recent = 0;
tp->ts_recent_age = ticks;
tp->ts_recent = to.to_tsval;
}
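Review bot: the original assignment `tp->ts_recent = to.to_tsval;` on the last line before the closing brace is still present as an unchanged context line, so it runs after the added if/else and overwrites whatever that branch stored, including the `tp->ts_recent = 0;` case. As posted, the new SEQ_LEQ(tp->last_ack_sent, ...) check therefore has no effect on ts_recent. That trailing assignment should be deleted in the patch (shown as a removed line) so the only write to ts_recent inside this block is the one in the added branch, with `tp->ts_recent_age = ticks;` kept. Separately, several lines of the hunk have been wrapped by the mailer (the comment lines and the lone `+` continuation), so the diff will likely need to be re-sent unwrapped or as an attachment before it can be applied with patch(1).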
Ted
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Tim Traver
> Sent: Thursday, May 19, 2005 10:09 AM
> To: bsd
> Subject: PAWS security vulnerability
>
>
> Hi all,
>
> ok, this article was just published about a PAWS TCP DOS vulnerability,
> and lists FreeBSD 4.x as affected.
>
> http://www.securityfocus.com/bid/13676/info/
>
> Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
>
> and is 5.4 affected too ?
>
> Tim.