FYI
attached mail follows:
The additional implementation flaw of BSD based TCP/IP stacks has been fixed in FreeBSD in revision 1.81 of tcp_input.c in 1998 for FreeBSD 2.2 and 3.0 and all releases since about six years ago. -- Andre NetBSD Security-Officer wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > NetBSD Security Advisory 2004-006 > ================================= > > Topic: TCP protocol and implementation vulnerability > > Severity: Serious (TCP disconnected by malicious party, unwanted data > injected into TCP stream) > > Abstract > ======== > > The longstanding TCP protocol specification has several weaknesses. > (RFC793): > > - - fabricated RST packets from a malicious third party can tear down a > TCP session > - - fabricated SYN packets from a malicious third party can tear down a > TCP session > - - a malicious third party can inject data to TCP session without much > difficulty > > NetBSD also had an additional implementation flaw, which made these > attacks easier.Received on Thu Apr 22 2004 - 07:03:56 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:52 UTC