[Fwd: NetBSD Security Advisory 2004-006: TCP protocol andimplementation vulnerability]
From: Andre Oppermann (andre_at_freebsd.org)
Date: 04/22/04
- Previous message: Lars Eggert: "Re: simulating an LFN over 1Gb LAN Ethernet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 22 Apr 2004 18:03:54 +0200 To: current@freebsd.org, net@freebsd.org, security@freebsd.org
FYI
attached mail follows:
Date: Thu, 22 Apr 2004 15:16:36 +0200 To: bugtraq@securityfocus.com
The additional implementation flaw of BSD based TCP/IP stacks has
been fixed in FreeBSD in revision 1.81 of tcp_input.c in 1998 for
FreeBSD 2.2 and 3.0 and all releases since about six years ago.
-- Andre NetBSD Security-Officer wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > NetBSD Security Advisory 2004-006 > ================================= > > Topic: TCP protocol and implementation vulnerability > > Severity: Serious (TCP disconnected by malicious party, unwanted data > injected into TCP stream) > > Abstract > ======== > > The longstanding TCP protocol specification has several weaknesses. > (RFC793): > > - - fabricated RST packets from a malicious third party can tear down a > TCP session > - - fabricated SYN packets from a malicious third party can tear down a > TCP session > - - a malicious third party can inject data to TCP session without much > difficulty > > NetBSD also had an additional implementation flaw, which made these > attacks easier.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Lars Eggert: "Re: simulating an LFN over 1Gb LAN Ethernet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
