[69992] in North American Network Operators' Group
Re: TCP/BGP vulnerability - easier than you think
daemon@ATHENA.MIT.EDU (Petri Helenius)
Fri Apr 23 11:48:22 2004
Date: Fri, 23 Apr 2004 18:45:31 +0300
From: Petri Helenius <pete@he.iki.fi>
To: Leo Bicknell <bicknell@ufp.org>
Cc: nanog@merit.edu
In-Reply-To: <20040423151511.GA63001@ussenterprise.ufp.org>
Errors-To: owner-nanog-outgoing@merit.edu
Leo Bicknell wrote:
>I point out NetBSD released this:
>
>ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
>
>Of interest is this paragraph:
>
>] Additionally, the 4.4BSD stack from which NetBSD's stack is derived, did
>] not even check that a RST's sequence number was inside the window. RSTs
>] anywhere to the left of the window were treated as valid.
>
>It's a good thing the 4.4BSD stack was unpopular, otherwise it might be
>in a lot of programs.
>
>
>
Most code bases fixed this much earlier, like FreeBSD in 1998;
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.80&r2=1.81&f=h
Pete
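
Added example (not part of the original message, and not NetBSD or FreeBSD source): the RST sequence check described in the quoted advisory paragraph, shown as a lax form next to an in-window form. The function names, the modular-arithmetic model of "left of the window", and the sample receive state are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Wrap-safe sequence comparisons (same idea as BSD's SEQ_LT / SEQ_GEQ). */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/* ASSUMED model of the lax behaviour in the quoted advisory: only the right
 * edge of the window is checked, so anything to its left passes. */
int rst_ok_lax(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return seq_lt(seq, rcv_nxt + rcv_wnd);
}

/* In-window check: rcv_nxt <= seq < rcv_nxt + rcv_wnd, modulo 2^32.
 * With a closed (zero) window only seq == rcv_nxt is acceptable. */
int rst_ok_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return seq == rcv_nxt;
    return seq_geq(seq, rcv_nxt) && seq_lt(seq, rcv_nxt + rcv_wnd);
}

typedef int (*rst_check)(uint32_t, uint32_t, uint32_t);

/* Count how many of 65536 evenly spaced sequence numbers (stride 2^16)
 * a given check would accept for this receive state. */
unsigned count_accepted(rst_check ok, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    unsigned n = 0;
    for (uint32_t k = 0; k < 65536; k++)
        n += ok(k << 16, rcv_nxt, rcv_wnd) ? 1u : 0u;
    return n;
}

int main(void)
{
    /* Constructed receive state: the window straddles the 2^32 wrap. */
    uint32_t rcv_nxt = 0xFFFFF000u, rcv_wnd = 0x4000u;
    printf("lax:       %u of 65536 sampled values accepted\n",
           count_accepted(rst_ok_lax, rcv_nxt, rcv_wnd));
    printf("in-window: %u of 65536 sampled values accepted\n",
           count_accepted(rst_ok_in_window, rcv_nxt, rcv_wnd));
    return 0;
}
```

Under this model the lax check accepts half of the sampled sequence space, while the in-window check accepts only the single sample that falls inside the 16 KB window.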