Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Advisory Update: ServerIron TCP/IP predictability fixed
From: vision () WHITEHATS COM (Max Vision)
Date: Thu, 16 Mar 2000 19:18:23 -0800


On Tue, 14 Mar 2000, H D Moore wrote:
BeOS 4.0 also has a shoddy tcp/ip stack which increases the ISS by 1 per
connection.   This may been fixed by now, I haven't tested it in over a
year.

I ran across a few systems like this in an audit last year.  As of the
current BeOS release (R4.5.2), the sequence number vulnerability still
exists.

http://bebugs.be.com/devbugs/detail.php3?oid=1437472
http://bebugs.be.com/devbugs/detail.php3?oid=1111616

Poor ISN generation is an outstanding issue for BeOS.

Max Vision
http://whitehats.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]