[24766] in bugtraq
Re: TCP Connections to a Broadcast Address on BSD-Based Systems
daemon@ATHENA.MIT.EDU (itojun@iijlab.net)
Thu Mar 21 00:21:42 2002
To: "Crist J. Clark" <cjclark@alum.mit.edu>
Cc: bugtraq@securityfocus.com
In-reply-to: cjclark's message of Sat, 16 Mar 2002 17:30:53 PST.
<20020316173053.P29705@blossom.cjclark.org>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
From: itojun@iijlab.net
Date: Thu, 21 Mar 2002 10:30:34 +0900
Message-ID: <18463.1016674234@itojun.org>
>Actions:
>
>I notified security-officer@{free,open,net}bsd.org on Feburary
>17th. From examining OpenBSD source code, it appears to have the
>flaw. I have confirmed that NetBSD is vulnerable. I have been unable
>to actually test the vulnerability on an operational OpenBSD system. I
>have not heard anything from either NetBSD or OpenBSD, and no changes
>related to this bug appear to have been committed to their code. Patches
>for NetBSD and OpenBSD are attached below.
the changes were made into both openbsd and netbsd repository
as shown below:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
thank you for the report.
itojun
