Re: TCP timestamp vulnerability
--Apple-Mail-1--1028004459
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On May 19, 2005, at 5:53 AM, Christian Brueffer wrote:
> Hi,
>
> fixes for the vulnerability described in http://www.kb.cert.org/
> vuls/id/637934
> were checked in to CURRENT and RELENG_5 by ps in April.
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c
>
> Revisions 1.270 and 1.252.2.16
>
> He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with
> it.
>
> My guess is that he didn't notify you guys either.
>
> I stumbled upon this through a Heise News article at
> http://www.heise.de/newsticker/meldung/59672. Sent them an update
> about
> the fixed branches, but they'd like to know why this wasn't
> communicated
> back to US-CERT yadda yadda yadda.
Thanks, Christian. No, ps@ didn't point it out. It gets a little
confusing too, since I see that the work was submitted by multiple
folks, one of which reported another related vulnerability to us on
May 18 (7 days after that commit). Now to try to untangle what is
what ...
--
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
--Apple-Mail-1--1028004459
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
iD8DBQFCkgSPjDKM/xYG25URArAnAKCN1YwkK/jr3fGSNkU2bdPoHS0aoQCdHH5n
YlN9I4ebA3qqgEFDI4eNUao=
=mwFb
-----END PGP SIGNATURE-----
--Apple-Mail-1--1028004459--
討論串 (同標題文章)