AMNESIA:33 and FreeBSD TCP/IP stack involvement

John-Mark Gurney jmg at funkthat.com
Thu Dec 10 20:02:53 UTC 2020


Hartmann, O. wrote this message on Wed, Dec 09, 2020 at 06:58 +0100:
> I've got a question about recently discovered serious vulnerabilities
> in certain TCP stack implementations, designated as AMNESIA:33 (as far
> as I could follow the recently made announcements and statements,
> please see, for instance,
> https://www.zdnet.com/article/amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices/).
> 
> All mentioned open-source TCP stacks seem not to be related in any way
> with FreeBSD or any derivative of the FreeBSD project, but I do not
> dare to make a statement about that.
> 
> My question is very simple and aims towards calming down my employees'
> requests: is FreeBSD potentially vulnerable to this newly discovered
> flaw (we use mainly 12.1-RELENG, 12.2-RELENG, 12-STABLE and 13-CURRENT,
> latest incarnations, of course, should be least vulnerable ...).

I'd be surprised if FreeBSD is vulnerable to those flaws, but I cannot
make any official statement as there are too many to even start to
investigate them.

Also of note is that there were three other IP stacks that were NOT
vulnerable to ANY new security issues in that report as well, so it
isn't like the report found security vulnerabilities in every TCP/IP
stack they tested.

The best way to have confidence is to pay people to analyze and
verify that the FreeBSD TCP/IP stack is secure, just as it is w/
any critical code that a company runs.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."