From owner-freebsd-security@FreeBSD.ORG Tue Sep 8 19:11:00 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1979E1065672 for ; Tue, 8 Sep 2009 19:11:00 +0000 (UTC) (envelope-from astorms@ncircle.com) Received: from mail.ncircle.com (mail.ncircle.com [64.84.9.150]) by mx1.freebsd.org (Postfix) with ESMTP id D8AC08FC08 for ; Tue, 8 Sep 2009 19:10:59 +0000 (UTC) Received: from CORP-MAIL.ad.ncircle.com (fw-hive-gate-dmz.ncircle.com [64.84.9.129] (may be forged)) by mail.ncircle.com (8.14.2/8.14.2) with ESMTP id n88IuPwU023189 for ; Tue, 8 Sep 2009 11:56:25 -0700 (PDT) (envelope-from astorms@ncircle.com) Received: from 192.168.75.192 ([192.168.75.192]) by CORP-MAIL.ad.ncircle.com ([192.168.75.94]) via Exchange Front-End Server webmail-01.ad.ncircle.com ([192.168.75.93]) with Microsoft Exchange Server HTTP-DAV ; Tue, 8 Sep 2009 18:56:26 +0000 User-Agent: Microsoft-Entourage/12.20.0.090605 Date: Tue, 08 Sep 2009 11:56:24 -0700 From: Andrew Storms To: "freebsd-security@freebsd.org" Message-ID: Thread-Topic: CVE-2008-4609 Thread-Index: Acowtg/BP9L5/3ZI1E6pcE4xjD817w== Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit X-Spam-Score: -3.89 () ALL_TRUSTED,AWL,BAYES_00 X-Scanned-By: MIMEDefang 2.64 on 64.84.9.150 Subject: CVE-2008-4609 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Sep 2009 19:11:00 -0000 Now that the details are out - MS and Cisco patched today. I went looking back into the FreeBSD security announcements and don't seem to be able to find any references for a patch. Did FreeBSD already patch or discuss this bug and I missed it? http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609 Thanks -_S From owner-freebsd-security@FreeBSD.ORG Tue Sep 8 21:25:21 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 44BCF106566B for ; Tue, 8 Sep 2009 21:25:21 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.freebsd.org (Postfix) with SMTP id 8E7BF8FC18 for ; Tue, 8 Sep 2009 21:25:20 +0000 (UTC) Received: (qmail invoked by alias); 08 Sep 2009 20:58:38 -0000 Received: from u18-124.dsl.vianetworks.de (EHLO u18-124.dsl.vianetworks.de) [194.231.39.124] by mail.gmx.net (mp039) with SMTP; 08 Sep 2009 22:58:38 +0200 X-Authenticated: #1956535 X-Provags-ID: V01U2FsdGVkX198Mitq9VF8VooAj1EiqwXcuAJGQ49E3sCk58Pc4y Uny+zaRNhl4r5Q Received: by u18-124.dsl.vianetworks.de (Postfix, from userid 1100) id 4560226145; Tue, 8 Sep 2009 22:58:33 +0200 (CEST) Date: Tue, 8 Sep 2009 22:58:32 +0200 From: olli hauer To: astorms@ncircle.com, freebsd-security@freebsd.org Message-ID: <20090908205832.GA8174@sorry.mine.nu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Errors-To: ohauer@gmx.de (olli hauer) X-Header0: **** ohauer at sorry **** X-Header1: ** sorry ** User-Agent: Mutt/1.5.18 (2008-05-17) X-Y-GMX-Trusted: 0 X-FuHaFi: 0.67 Cc: Subject: RE: CVE-2008-4609 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: olli hauer List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Sep 2009 21:25:21 -0000 > Now that the details are out - MS and Cisco patched today. > I went looking back into the FreeBSD security announcements and don't > seem > to be able to find any references for a patch. > Did FreeBSD already patch or discuss this bug and I missed it? > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609 > > Thanks > > -_S According the more complete list at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 the latest rel. (FreeBSD 6.4/7.2, OpenBSD 4.4+) are not a affected. It seems if you run the latest versions of Free/OpenBSD you are fine. olli From owner-freebsd-security@FreeBSD.ORG Tue Sep 8 21:37:06 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 80DF2106566C for ; Tue, 8 Sep 2009 21:37:06 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 4629B8FC16 for ; Tue, 8 Sep 2009 21:37:05 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 321696D418; Tue, 8 Sep 2009 21:37:05 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 03CC9844B4; Tue, 8 Sep 2009 23:37:05 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Andrew Storms References: Date: Tue, 08 Sep 2009 23:37:04 +0200 In-Reply-To: (Andrew Storms's message of "Tue, 08 Sep 2009 11:56:24 -0700") Message-ID: <86my55nmnz.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.92 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: "freebsd-security@freebsd.org" Subject: Re: CVE-2008-4609 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Sep 2009 21:37:06 -0000 Andrew Storms writes: > Now that the details are out - MS and Cisco patched today. I went > looking back into the FreeBSD security announcements and don't seem to > be able to find any references for a patch. Did FreeBSD already patch > or discuss this bug and I missed it? This is old news: http://www.google.com/#&q=3Dsockstress The initial version was just connection flooding - they thought it was a big deal because they came up with a very clever and complicated setup to increase the flood rate, when in fact a short C program using bpf could have done the job just as well. When people pointed out that it was a load of bs, they started making wild claims about more serious attacks, the details of which would be released at the next compsec conference, except not really, because we're still working on it, but the next one, we promise, for real this time... Just read their website (http://www.sockstress.com/), it'll give you an idea of just how far off their rocker they are. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no