tcp timestamp vulnerability?
John-Mark Gurney
gurney_j at resnet.uoregon.edu
Thu May 19 10:03:35 PDT 2005
Andre Oppermann wrote this message on Thu, May 19, 2005 at 11:42 +0200:
> Christian Brueffer wrote:
> >
> > Hi,
> >
> > has anyone taken a look at http://www.kb.cert.org/vuls/id/637934?
>
> sys/netinet/tcp_input.c Revision 1.270, Sun Apr 10 05:24:59 2005 UTC
> (5 weeks, 4 days ago) by ps
> Branch: MAIN
> Changes since 1.269: +23 -3 lines
>
> - Tighten up the Timestamp checks to prevent a spoofed segment from
> setting ts_recent to an arbitrary value, stopping further
> communication between the two hosts.
> - If the Echoed Timestamp is greater than the current time,
> fall back to the non RFC 1323 RTT calculation.
>
> Submitted by: Raja Mukerji (raja at moselle dot com)
> Reviewed by: Noritoshi Demizu, Mohan Srinivasan
Looks like someone needs to get an offical statement out, since CERT
still lists FreeBSD as vulnerable (as of 16-Mar-2005)...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-net
mailing list