tcp timestamp vulnerability?

John-Mark Gurney gurney_j at resnet.uoregon.edu
Thu May 19 10:03:35 PDT 2005


Andre Oppermann wrote this message on Thu, May 19, 2005 at 11:42 +0200:
> Christian Brueffer wrote:
> > 
> > Hi,
> > 
> > has anyone taken a look at http://www.kb.cert.org/vuls/id/637934?
> 
> sys/netinet/tcp_input.c Revision 1.270, Sun Apr 10 05:24:59 2005 UTC
>  (5 weeks, 4 days ago) by ps
>  Branch: MAIN
>  Changes since 1.269: +23 -3 lines
> 
>  - Tighten up the Timestamp checks to prevent a spoofed segment from
>    setting ts_recent to an arbitrary value, stopping further
>    communication between the two hosts.
>  - If the Echoed Timestamp is greater than the current time,
>    fall back to the non RFC 1323 RTT calculation.
> 
>  Submitted by:	Raja Mukerji (raja at moselle dot com)
>  Reviewed by:	Noritoshi Demizu, Mohan Srinivasan

Looks like someone needs to get an offical statement out, since CERT
still lists FreeBSD as vulnerable (as of 16-Mar-2005)...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the freebsd-net mailing list