Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Brahmanand Reddy
brahma.gdb at gmail.com
Wed Jan 17 14:21:01 UTC 2018
Hi Peter,
My last question on this: recently "Replaced the kernel RC4 (arc4random)
with Chacha20" on 11.0 kernel; should we apply on 10.4 kernel?
Please find the corresponding review and fix:
https://reviews.freebsd.org/D10048 and https://reviews.freebsd.org/rS317015
Thanks in advance,
Brahma
On Fri, Jan 12, 2018 at 1:11 PM, Peter Jeremy <peter at rulingia.com> wrote:
> On 2018-Jan-12 12:33:21 +0530, Brahmanand Reddy <brahma.gdb at gmail.com> wrote:
> >TCP uses weak initial sequence numbers
> >https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc
>
> As has been pointed out to you several times in this thread, that SA is
> nearly 20 years old and there is no evidence that TCP on any recent FreeBSD
> uses weak ISNs.
>
> >actually "arc4random()" will take care on
> >https://github.com/freebsd/freebsd/blob/master/sys/netinet/tcp_subr.c#L2374
>
> Without studying the code in detail, that code appears to correctly use
> arc4random() to initialise the ISN - which is as expected.
>
> > I suspect 10.4 already has the fix... but I didn't find exactly
> >which this problem from https://www.freebsd.org/security/patches/
>
> Well, the original patch is
> https://www.freebsd.org/security/patches/SA-00%3A52/ and was committed
> as what is now https://svnweb.freebsd.org/base?view=revision&revision=66433
> Since that patch is integrated into the FreeBSD codebase, there's no need
> to update the contents of https://www.freebsd.org/security/patches/SA-00%3A52/
> and it is not relevant to the current codebase.
>
> > I would like expecting where is the fix in 10.4 kernel.
>
> That code was re-written in r82122, retaining the use of arc4random() for
> ISN initialisation. As a result, it's no longer possible to point at
> specific code and say "that code fixes weak TCP ISNs".
>
> --
> Peter Jeremy
>