Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: TCP Connections to a Broadcast Address on BSD-Based Systems
From: itojun () iijlab net
Date: Thu, 21 Mar 2002 10:30:34 +0900

Actions:

I notified security-officer () {free,open,net}bsd.org on Feburary
17th. From examining OpenBSD source code, it appears to have the
flaw. I have confirmed that NetBSD is vulnerable. I have been unable
to actually test the vulnerability on an operational OpenBSD system. I
have not heard anything from either NetBSD or OpenBSD, and no changes
related to this bug appear to have been committed to their code. Patches
for NetBSD and OpenBSD are attached below.

        the changes were made into both openbsd and netbsd repository
        as shown below:

        http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
        http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137

        thank you for the report.

itojun


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]