FYI
--- Begin Message ---
The additional implementation flaw of BSD based TCP/IP stacks has
been fixed in FreeBSD in revision 1.81 of tcp_input.c in 1998 for
FreeBSD 2.2 and 3.0 and all releases since about six years ago.
--
Andre
NetBSD Security-Officer wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> NetBSD Security Advisory 2004-006
> =================================
>
> Topic: TCP protocol and implementation vulnerability
>
> Severity: Serious (TCP disconnected by malicious party, unwanted data
> injected into TCP stream)
>
> Abstract
> ========
>
> The longstanding TCP protocol specification has several weaknesses.
> (RFC793):
>
> - - fabricated RST packets from a malicious third party can tear down a
> TCP session
> - - fabricated SYN packets from a malicious third party can tear down a
> TCP session
> - - a malicious third party can inject data to TCP session without much
> difficulty
>
> NetBSD also had an additional implementation flaw, which made these
> attacks easier.
--- End Message ---
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
