[14350] in bugtraq
Re: Advisory Update: ServerIron TCP/IP predictability fixed
daemon@ATHENA.MIT.EDU (Max Vision)
Mon Mar 20 07:16:18 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Enip.BSO.23.0003161849070.16783-100000@www.whitehats.com>
Date: Thu, 16 Mar 2000 19:18:23 -0800
Reply-To: Max Vision <vision@WHITEHATS.COM>
From: Max Vision <vision@WHITEHATS.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38CEF25D.518B1625@secureaustin.com>
On Tue, 14 Mar 2000, H D Moore wrote:
> BeOS 4.0 also has a shoddy tcp/ip stack which increases the ISS by 1 per
> connection. This may been fixed by now, I haven't tested it in over a
> year.
I ran across a few systems like this in an audit last year. As of the
current BeOS release (R4.5.2), the sequence number vulnerability still
exists.
http://bebugs.be.com/devbugs/detail.php3?oid=1437472
http://bebugs.be.com/devbugs/detail.php3?oid=1111616
Poor ISN generation is an outstanding issue for BeOS.
Max Vision
http://whitehats.com/
