Bugtraq mailing list archives
Re: Advisory Update: ServerIron TCP/IP predictability fixed
From: vision () WHITEHATS COM (Max Vision)
Date: Thu, 16 Mar 2000 19:18:23 -0800
On Tue, 14 Mar 2000, H D Moore wrote:
BeOS 4.0 also has a shoddy tcp/ip stack which increases the ISS by 1 per connection. This may been fixed by now, I haven't tested it in over a year.
I ran across a few systems like this in an audit last year. As of the current BeOS release (R4.5.2), the sequence number vulnerability still exists. http://bebugs.be.com/devbugs/detail.php3?oid=1437472 http://bebugs.be.com/devbugs/detail.php3?oid=1111616 Poor ISN generation is an outstanding issue for BeOS. Max Vision http://whitehats.com/
Current thread:
- Re: TESO & C-Skills development advisory -- imwheel, (continued)
- Re: TESO & C-Skills development advisory -- imwheel WHiTe VaMPiRe (Mar 19)
- Re: TESO advisory -- wmcdplay Kris Kennaway (Mar 11)
- CSS Exploits + RDS (IE5) Shane Hird (Mar 12)
- Advisory Update: ServerIron TCP/IP predictability fixed Andrew van der Stock (Mar 12)
- Exploit for Mandrake 6.1 (PAM/userhelper bug) Paulo Ribeiro (Mar 14)
- Re: Exploit for Mandrake 6.1 (PAM/userhelper bug) Darron Froese (Mar 17)
- Re: Exploit for Mandrake 6.1 (PAM/userhelper bug) Matt Davis (Mar 17)
- Re: Exploit for Mandrake 6.1 (PAM/userhelper bug) Jeremy Gault (Mar 21)
- Oracle Web Listener 4.0.x Cerberus Security Team (Mar 14)
- Re: Advisory Update: ServerIron TCP/IP predictability fixed H D Moore (Mar 14)
- Re: Advisory Update: ServerIron TCP/IP predictability fixed Max Vision (Mar 16)
- FreeBSD Security Advisory: FreeBSD-SA-00:07.mh [REVISED] FreeBSD Security Officer (Mar 19)
- Bypassing IP filters in Bordermanager 3.5 Roy Sigurd Karlsbakk (Mar 15)
- Local / Remote DoS Attack in MERCUR WebView WebMail-Client 1.0 for Windows 98/NT Vulnerability Ussr Labs (Mar 15)
- Certificate Validation Error in Netscape Browsers... Dennis W. Mattison (Little Wolf) (Mar 15)
- TESO & C-Skills development advisory -- kreatecd Sebastian (Mar 16)
- Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies Richard Sheng (Mar 16)
- Exploit for Mandrake 6.1 (PAM/userhelper bug) Paulo Ribeiro (Mar 14)
- Re: TESO advisory -- wmcdplay Wichert Akkerman (Mar 13)