Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Peter Jeremy
peter at rulingia.com
Fri Jan 12 07:41:37 UTC 2018
On 2018-Jan-12 12:33:21 +0530, Brahmanand Reddy <brahma.gdb at gmail.com> wrote:
>TCP uses weak initial sequence numbers
>https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc
As has been pointed out to you several times in this thread, that SA is
nearly 20 years old and there is no evidence that TCP on any recent FreeBSD
uses weak ISNs.
>actually "arc4random()" will take care on https://github.com/freebsd/
>freebsd/blob/master/sys/netinet/tcp_subr.c#L2374
Without studying the code in detail, that code appears to correctly use
arc4random() to initialise the ISN - which is as expected.
> I suspecting 10.4 already having fix... but i didn't found on exactly
>which this problem from https://www.freebsd.org/security/patches/
Well, the original patch is
https://www.freebsd.org/security/patches/SA-00%3A52/ and was committed
as what is now https://svnweb.freebsd.org/base?view=revision&revision=66433
Since that patch is integrated into the FreeBSD codebase, there's no need
to update the contents of https://www.freebsd.org/security/patches/SA-00%3A52/
and it is not relevant to the current codebase.
> i would like expecting where is the fix in 10,4 kernel.
That code was re-written in r82122, retaining the use of arc4random() for
ISN initialisation. As a result, it's no longer possible to point at
specific code and say "that code fixes weak TCP ISNs".
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20180112/0eb203de/attachment.sig>
More information about the freebsd-security
mailing list