Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch

[Brahmanand Reddy]

Hi Kurt,

Thanks lot responding my mail,

Please explain why you think this should be an issue for FreeBSD 10.2 ?

Currently  i am using 10.2 and 10.4,  i found this problem/vulnerability
still exist using below script

 #!/usr/local/bin/python
from scapy.all import *

# VARIABLES
src = str(input('IP SRC: '))
dst = str(input('IP DST: '))

sport = random.randint(1024,65535)
dport = int(input("DST PORT: "))


# SYN
ip=IP(src=src,dst=dst)
SYN=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576),
ack=0)
SYNACK=sr1(ip/SYN)
print('Seq1 Number is :',SYNACK[TCP].seq)             ==> Seq1

# RST
RST=TCP(sport=sport, dport=dport, flags='R', seq=SYNACK.ack, ack=0)
send(ip/RST)

#SYN
SYN2=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576),
ack=0)
SYNACK2=sr1(ip/SYN2)
print('Seq2 Number is :',SYNACK2[TCP].seq)                           ==>
same ISN  number  i observed/receiving.

  I mean seq1=seq2, TCP ISN reusing.

 i think  the patch is available on 10.4 on wards,   but i dint found
exactly/similar patch from https://www.freebsd.org/security/patches/

  It could be great to confirm what is the corresponding latest patch this
problem would be solved.    Kindly correct me anything i am missing.


Sincerely,
Brahma




On Thu, Jan 11, 2018 at 10:45 PM, Kurt Jaeger <pi at freebsd.org> wrote:

> Hi!
>
> > Please share the corresponding FreeBSD-SA-00:52(*TCP uses weak initial
> > sequence numbers*) latest patch.
> >
> > the original problem reported on :
> > https://www.freebsd.org/security/advisories/FreeBSD-
> SA-00%3A52.tcp-iss.asc
>
> That's a security annoucement for FreeBSD 3.x to 5.x.
>
> Please explain why you think this should be an issue for FreeBSD 10.2 ?
>
> And, by the way: FreeBSD 10.2 is a old, no-longer supported version.
>
> https://www.freebsd.org/releases/
>
> lists which versions are still supported.
>
> --
> pi at FreeBSD.org         +49 171 3101372                2 years to go !
>