PAWS security vulnerability
Tim Traver
tt-list at simplenet.com
Thu May 19 13:31:20 PDT 2005
Ted,
thanks for taking a look at this. I'm not sure I have the ability to
test out your patch. Maybe someone else on this fine list can ?
But this sounds like a pretty severe DOS issue that seems to be
relatively simple to implement.
Do you know if the 5.x branch is affected by this as well ?
Tim.
Ted Mittelstaedt wrote:
>Hi Tim,
>
> Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
>rewritten for FreeBSD 4.11. YMMV If it works I would submit it to the
>FreeBSD
>security list. The only change I made is OpenBSD defines "tiflags"
>FreeBSD defines
>"thflags" I assume they are the same thing. The file is in
>/usr/src/sys/netinet
>
>Turning off the timestamps would be a good way to make your network go
>slow.
>
>*** tcp_input.c.original Thu May 19 11:52:30 2005
>--- tcp_input.c Thu May 19 12:00:14 2005
>***************
>*** 976,984 ****
>--- 976,992 ----
> * record the timestamp.
> * NOTE that the test is modified according to the latest
> * proposal of the tcplw at cray.com list (Braden
>1993/04/26).
>+ * NOTE2 additional check added as a result of PAWS
>vulnerability
>+ * documented in Cisco security notice
>cisco-sn-20050518-tcpts
>+ * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
> */
> if ((to.to_flags & TOF_TS) != 0 &&
> SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
>+ if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
>+
>+ ((thflags & (TH_SYN|TH_FIN)) != 0)))
>+ tp->ts_recent = to.to_tsval;
>+ else
>+ tp->ts_recent = 0;
> tp->ts_recent_age = ticks;
> tp->ts_recent = to.to_tsval;
> }
>
>Ted
>
>
>
>>-----Original Message-----
>>From: owner-freebsd-questions at freebsd.org
>>[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Tim Traver
>>Sent: Thursday, May 19, 2005 10:09 AM
>>To: bsd
>>Subject: PAWS security vulnerability
>>
>>
>>Hi all,
>>
>>ok, this article was just published about a PAWS TCP DOS
>>vulnerability,
>>and lists freeBSD 4.x as affected.
>>
>>http://www.securityfocus.com/bid/13676/info/
>>
>>Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
>>
>>and is 5.4 affected too ?
>>
>>Tim.
>>
>>_______________________________________________
>>freebsd-questions at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>To unsubscribe, send any mail to
>>"freebsd-questions-unsubscribe at freebsd.org"
>>
>>
>>
>
>
>
More information about the freebsd-questions
mailing list