Re: TCP Connections to a Broadcast Address on BSD-Based Systems

[itojun () iijlab net]

> Actions:
>
> I notified security-officer@{free,open,net}bsd.org on Feburary
> 17th. From examining OpenBSD source code, it appears to have the
> flaw. I have confirmed that NetBSD is vulnerable. I have been unable
> to actually test the vulnerability on an operational OpenBSD system. I
> have not heard anything from either NetBSD or OpenBSD, and no changes
> related to this bug appear to have been committed to their code. Patches
> for NetBSD and OpenBSD are attached below.

        the changes were made into both openbsd and netbsd repository
        as shown below:

        http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
        http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137

        thank you for the report.

itojun