Lowell Gilbert
2018-Jan-12 02:20 UTC
Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Brahmanand Reddy <brahma.gdb at gmail.com> writes:>> >> Dear Team, >> >> Thanks for responding. >> >> Please share the corresponding FreeBSD-SA-00:52(*TCP uses weak initial >> sequence numbers*) latest patch. >> >> the original problem reported on : >> https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc >> >> below list of similar CVEs >> >> CVE-2001-0328 >> CVE- 1999-0077 >> CVE-2000-0916 >> >> >> Thanks and regards, >> BrahmaThose reports were fixed in FreeBSD almost 20 years ago, so you already have the fixes. Moreover, it seems silly to worry about minor security patches when you're running a FreeBSD release that has been out of support for over a year.
Brahmanand Reddy
2018-Jan-12 02:46 UTC
Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
Hi Lowell,
Yes its has been fixed 20 years back, but this patch not available on
10.2/10.4 source code, still the problem exist on 10.4 too, Please find
below snip of patch
Index: tcp_seq.h
==================================================================RCS file:
/usr2/ncvs/src/sys/netinet/tcp_seq.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- tcp_seq.h 1999/12/29 04:41:02 1.11
+++ tcp_seq.h 2000/09/29 01:37:19 1.12
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)tcp_seq.h 8.3 (Berkeley) 6/21/95
- * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.11 1999/12/29 04:41:02 peter
Exp $
+ * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.12 2000/09/29 01:37:19 kris Exp
$
*/
#ifndef _NETINET_TCP_SEQ_H_
@@ -91,7 +91,7 @@
* number in the range [0-0x3ffff] that is hard to predict.
*/
#ifndef tcp_random18
-#define tcp_random18() ((random() >> 14) & 0x3ffff)
+#define tcp_random18() (arc4random() & 0x3ffff)
#endif
#define TCP_ISSINCR (122*1024 + tcp_random18())
Index: tcp_subr.c
==================================================================RCS file:
/usr2/ncvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- tcp_subr.c 2000/09/25 23:40:22 1.80
+++ tcp_subr.c 2000/09/29 01:37:19 1.81
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
- * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.80 2000/09/25 23:40:22
bmilekic Exp $
+ * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.81 2000/09/29 01:37:19 kris
Exp $
*/
#include "opt_compat.h"
@@ -178,7 +178,7 @@
{
int hashsize;
- tcp_iss = random(); /* wrong, but better than a constant */
+ tcp_iss = arc4random(); /* wrong, but better than a constant */
tcp_ccgen = 1;
tcp_cleartaocache();
i suspect 10.4.& above the patch is released, but i didn't found
exactly
/corresponding from https://www.freebsd.org/security/patches/
i would expecting .. confirm the relevant patch for this problem
Kindly correct me anything missing
Regards,
Brahma
On Fri, Jan 12, 2018 at 7:50 AM, Lowell Gilbert <
freebsd-security-local at be-well.ilk.org> wrote:
> Brahmanand Reddy <brahma.gdb at gmail.com> writes:
>
> >>
> >> Dear Team,
> >>
> >> Thanks for responding.
> >>
> >> Please share the corresponding FreeBSD-SA-00:52(*TCP uses weak
initial
> >> sequence numbers*) latest patch.
> >>
> >> the original problem reported on :
> >> https://www.freebsd.org/security/advisories/FreeBSD-
> SA-00%3A52.tcp-iss.asc
> >>
> >> below list of similar CVEs
> >>
> >> CVE-2001-0328
> >> CVE- 1999-0077
> >> CVE-2000-0916
> >>
> >>
> >> Thanks and regards,
> >> Brahma
>
> Those reports were fixed in FreeBSD almost 20 years ago,
> so you already have the fixes.
>
> Moreover, it seems silly to worry about minor security
> patches when you're running a FreeBSD release that has
> been out of support for over a year.
>