Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Apr 2004 21:24:19 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Aaron Sloan <security@adtu.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: tcp vulnerablity and freebsd?
Message-ID:  <20040420202419.GC35510@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <1082472751.42726.1.camel@slick.slickhome.net>
References:  <1082472751.42726.1.camel@slick.slickhome.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--Sr1nOIr3CvdE5hEN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 20, 2004 at 02:53:46PM +0000, Aaron Sloan wrote:
> Is the TCP vulnerability something to worry about in Freebsd?
>=20
> http://www.osvdb.org/displayvuln.php?osvdb_id=3D4030

Nothing has been announced -- it's a matter under discussion on the
freebsd-security@ list right now, so the Security Team certainly knows
about the problem.  However an educated guess would be that since
'Nokia IPSO' products are vulnerable, other BSD derived systems
probably are as well.

Note that this attack seems to apply to the majority of pieces of kit
capable of emitting TCP/IP traffic, so even if your FreeBSD kit gets
fixed in short order, you'll probably still be vulnerable to attacks
against your ISP or intermediate systems between you and the sites you
want to communicate with.  Very bad news that this was broken to the
public before all the vendors had a chance to put fixes in place.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--Sr1nOIr3CvdE5hEN
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAhYbzdtESqEQa7a0RAn5vAJ9TJvnOJ5h2Jy3FmPcmjtvF/8z7OACfaEum
55nfC7YW6wCmXBfIzYxrK5I=
=aD/x
-----END PGP SIGNATURE-----

--Sr1nOIr3CvdE5hEN--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040420202419.GC35510>