Richard Coleman wrote:
> Uwe Doering wrote:
>> Richard Coleman wrote:
>>> Any information on when (or if) the following timestamp vulnerability
>>> will be fixed for 4.X? Any information would be appreciated.
>>>
>>> http://www.kb.cert.org/vuls/id/637934
>>
>> FYI, the fix for RELENG_5 applies to RELENG_4 as is (apart from the
>> CVS version header, of course):
>>
>> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=u
>>
>> After verifying its semantic correctness for RELENG_4 we've been
>> running the patch for a couple of weeks now with no ill effects.
>>
>> I'm posting this also as an encouragement for committers to go ahead
>> and do the MFC. It's low hanging fruit.
>>
>> Uwe
>
> We tried applying that diff to 4.10, but compilation failed with
>
> tcp_input.o: In function 'tcp_dooptions':
> tcp_input.o(.text+0x21d8): undefined reference to 'TSTMP_GT'
>
> Did you just define that macro? Or was something else required?

Well, this MFC affected two files, actually. I didn't mention it
explicitly because I considered it obvious from the accompanying CVS
comment:
---------------- cut here ----------------
MFC: rev 1.270 of tcp_input.c, rev 1.25 of tcp_seq.h
- Tighten up the Timestamp checks to prevent a spoofed segment from
setting ts_recent to an arbitrary value, stopping further
communication between the two hosts.
- If the Echoed Timestamp is greater than the current time,
fall back to the non RFC 1323 RTT calculation.
---------------- cut here ----------------
So 'tcp_seq.h' needs to be patched, too. Here's the direct link to that
diff:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_seq.h.diff?r1=1.22.2.1&r2=1.22.2.2&f=u
With both patches in place the kernel ought to compile correctly. Hope
it works for you now.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED] | http://www.escapebox.net
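
Added example, not part of the original thread and not FreeBSD's code: a simplified user-space C model of the two checks the commit message describes. The struct and function names are hypothetical, and the two-sided sequence-range condition is an assumed form of the tightened ts_recent check, since the diff itself is not reproduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe comparisons on 32-bit timestamps and sequence numbers. */
#define TSTMP_LT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)
#define TSTMP_GT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) > 0)
#define SEQ_LEQ(a, b)  ((int32_t)((uint32_t)(a) - (uint32_t)(b)) <= 0)

/* Hypothetical simplified state; not the kernel's struct tcpcb. */
struct conn { uint32_t ts_recent, last_ack_sent; };
/* Constructed segment summary: only the fields the checks use. */
struct seg { uint32_t seq, len, tsval; };

/* Accept a new ts_recent only from a segment that is not older than the
 * stored timestamp and whose sequence range covers the last ACK we sent
 * (assumed form of the tightened check). Returns true if updated. */
bool update_ts_recent(struct conn *c, const struct seg *s)
{
    if (TSTMP_LT(s->tsval, c->ts_recent))
        return false;                       /* stale timestamp */
    if (!SEQ_LEQ(s->seq, c->last_ack_sent) ||
        !SEQ_LEQ(c->last_ack_sent, s->seq + s->len))
        return false;                       /* does not cover last ACK sent */
    c->ts_recent = s->tsval;
    return true;
}

/* RTT in ticks from the echoed timestamp, or -1 to tell the caller to use
 * the non-timestamp RTT estimate because the echo is ahead of our clock. */
int32_t rtt_from_tsecr(uint32_t now, uint32_t tsecr)
{
    if (TSTMP_GT(tsecr, now))
        return -1;
    return (int32_t)(now - tsecr);
}

int main(void)
{
    struct conn c = { 1000, 5000 };                 /* constructed values */
    struct seg spoofed = { 100, 10, 0x70000000u };  /* range misses last ACK */
    struct seg genuine = { 5000, 100, 1010 };       /* covers last ACK sent */
    printf("spoofed accepted: %d\n", update_ts_recent(&c, &spoofed));
    printf("genuine accepted: %d\n", update_ts_recent(&c, &genuine));
    printf("ts_recent: %u\n", (unsigned)c.ts_recent);
    printf("rtt: %d, future echo: %d\n",
           (int)rtt_from_tsecr(2000, 1990), (int)rtt_from_tsecr(2000, 2500));
    return 0;
}
```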