FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
Robert Simmons
rsimmons0 at gmail.com
Thu Jan 29 15:51:47 UTC 2015
Nonsense. Throw out a protocol that is more resistant to
Man-In-The-Middle and DDoS attacks due to an implementation bug? This
is a protocol that is built on lessons learned from TCP.
What should be done is more work improving the implementation and
widening the usage and uptake of SCTP.
On Thu, Jan 29, 2015 at 9:31 AM, Gary Palmer <gpalmer at freebsd.org> wrote:
> So even if you don't use SCTP, if someone got a shell on your box
> they could potentially use SCTP to get root or modify kernel memory
> to break out of a jail, etc.
>
> In other words, you don't necessarily need to use SCTP to be affected
> by vulnerabilities in it.
More information about the freebsd-security
mailing list