Status Check: CVE CAN-2004-0002

Xin LI delphij at
Wed Feb 4 23:12:43 PST 2004

On Thu, Feb 05, 2004 at 10:58:30AM +0800, Syahrul Sazli Shaharir wrote:

> Just want to ask about the status of this:-

Some discussion took place about this issue. Unfortunately, the commit
seemed to be generating some problems, and that delayed the MFC to -STABLE.
This will hopefully be better resolved, and you may want to manually
apply the -STABLE patch available here:

In my test, the patch will mitigate MSS exhaustion attacks, but
it also disrupts some normal operations. For example, if you ssh
to a remote box and do mergemaster and the computer responds fast
enough, the connection will be dropped if you did not set the
sysctls properly.

I am looking for some other mechanisms for mitigating this issue.
You may want to consult andre@ for detailed information.

Xin LI <delphij frontfree net>
See complete headers for GPG key and other information.
