From owner-freebsd-security  Thu Jan 20 16:40:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 469B415472; Thu, 20 Jan 2000 16:40:32 -0800 (PST)
	(envelope-from brett@lariat.org)
Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id RAA11402;
	Thu, 20 Jan 2000 17:40:13 -0700 (MST)
Message-Id: <4.2.2.20000120173905.01882570@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Thu, 20 Jan 2000 17:40:11 -0700
To: Warner Losh <imp@village.org>
From: Brett Glass <brett@lariat.org>
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? 
Cc: jamiE rishaw - master e*tard <jamiE@arpa.com>,
	Tom <tom@uniserve.com>, Mike Tancsa <mike@sentex.net>,
	freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG,
	security-officer@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

That means that the code path that validates the ACK in the kernel
must be long. Long enough so that you can hose the CPU over, say,
a T1. How does one short-circuit this?

--Brett

At 05:34 PM 1/20/2000 , Warner Losh wrote:
   
>It is a remote exploit.
>
>Warner



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message