freebsd security - Mar 2004 - Re: FreeBSD Security AdvisoryFreeBSD-SA-04:04.tcp

yes unless you use the version as of :>                 2004-03-02 17:24:46
UTC (RELENG_5_2, 5.2.1-RELEASE-p1)

check it out with uname -a

if it does not say -p1
it affects you.

My guess, you are affected :)

cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: freebsd-security-bounces@lists.elvandar.org
[mailto:freebsd-security-bounces@lists.elvandar.org]Namens Daniel
Spielman
Verzonden: dinsdag 2 maart 2004 21:06
Aan: freebsd-security@FreeBSD.org
Onderwerp: [Freebsd-security] Re: FreeBSD Security
AdvisoryFreeBSD-SA-04:04.tcp


is FreeBSD 5.2.1 affected by this exploit ?

On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
===========================================================================>
FreeBSD-SA-04:04.tcp                                      Security
Advisory
>                                                           The FreeBSD
Project
>
> Topic:          many out-of-sequence TCP packets denial-of-service
>
> Category:       core
> Module:         kernel
> Announced:      2004-03-02
> Credits:        iDEFENSE
> Affects:        All FreeBSD releases
> Corrected:      2004-03-02 17:19:18 UTC (RELENG_4)
>                 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
>                 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3)
>                 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16)
> CVE Name:       CAN-2004-0171
> FreeBSD only:   NO
>
> I.   Background
>
> The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
> provides a connection-oriented, reliable, sequence-preserving data
> stream service.  When network packets making up a TCP stream (``TCP
> segments'') are received out-of-sequence, they are maintained in a
> reassembly queue by the destination system until they can be re-ordered
> and re-assembled.
>
> II.  Problem Description
>
> FreeBSD does not limit the number of TCP segments that may be held in a
> reassembly queue.
>
> III. Impact
>
> A remote attacker may conduct a low-bandwidth denial-of-service attack
> against a machine providing services based on TCP (there are many such
> services, including HTTP, SMTP, and FTP).  By sending many
> out-of-sequence TCP segments, the attacker can cause the target machine
> to consume all available memory buffers (``mbufs''), likely leading
to
> a system crash.
>
> IV.  Workaround
>
> It may be possible to mitigate some denial-of-service attacks by
> implementing timeouts at the application level.
>
> V.   Solution
>
> Do one of the following:
>
> 1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2,
> RELENG_4_9, or RELENG_4_8 security branch dated after the correction
> date.
>
> OR
>
> 2) Patch your present system:
>
> The following patch has been verified to apply to FreeBSD 4.x and 5.x
> systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 5.2]
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc
>
> [FreeBSD 4.8, 4.9]
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
> # fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc
>
> b) Apply the patch.
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot
the
> system.
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                           Revision
>   Path
> - ------------------------------------------------------------------------
-
> RELENG_4
>   src/UPDATING                                                  1.73.2.90
>   src/sys/conf/newvers.sh                                       1.44.2.33
>   src/sys/netinet/tcp_input.c                                  1.107.2.40
>   src/sys/netinet/tcp_subr.c                                    1.73.2.33
>   src/sys/netinet/tcp_var.h                                     1.56.2.15
> RELENG_5_2
>   src/UPDATING                                                  1.282.2.9
>   src/sys/conf/newvers.sh                                        1.56.2.8
>   src/sys/netinet/tcp_input.c                                   1.217.2.2
>   src/sys/netinet/tcp_subr.c                                    1.169.2.4
>   src/sys/netinet/tcp_var.h                                      1.93.2.2
> RELENG_4_9
>   src/UPDATING                                              1.73.2.89.2.4
>   src/sys/conf/newvers.sh                                   1.44.2.32.2.4
>   src/sys/netinet/tcp_input.c                              1.107.2.38.2.1
>   src/sys/netinet/tcp_subr.c                                1.73.2.31.4.1
>   src/sys/netinet/tcp_var.h                                 1.56.2.13.4.1
> RELENG_4_8
>   src/UPDATING                                             1.73.2.80.2.19
>   src/sys/conf/newvers.sh                                  1.44.2.29.2.17
>   src/sys/netinet/tcp_input.c                              1.107.2.37.2.1
>   src/sys/netinet/tcp_subr.c                                1.73.2.31.2.1
>   src/sys/netinet/tcp_var.h                                 1.56.2.13.2.1
> - ------------------------------------------------------------------------
-
>
> VII. References
>
>
<URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilit
ies>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4
>
> iD8DBQFAROKHFdaIBMps37IRAu9EAJ9VY70IDYdjr6GkKJCJCGyvBV3OcQCeIXwL
> UDTQ4rcO/SP2rFRZ0Mcj1iQ> =Gkct
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"
_______________________________________________
Freebsd-security mailing list
Freebsd-security@lists.elvandar.org
http://lists.elvandar.org/mailman/listinfo/freebsd-security

> yes unless you use the version as of :>                 2004-03-02
> 17:24:46
> UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
>
> check it out with uname -a
>
> if it does not say -p1
> it affects you.
>
> My guess, you are affected :)
>
> cheers
>
Hello all.
I have a litttle question here, regarting all those patches and kernel
upgrades..

For exampleif I have a router here doing NAT, i cant reboot it frequently,
and I don't wont to reboot it at all.

But as it is said, that you need to patch or cvsup the kernel source,
rebuild kernel, and reboot.
Is there any way to do such thing without rebooting?

Thanks