Bugtraq mailing list archives
Re: TCP Connections to a Broadcast Address on BSD-Based Systems
From: itojun () iijlab net
Date: Thu, 21 Mar 2002 10:30:34 +0900
Actions: I notified security-officer@{free,open,net}bsd.org on Feburary 17th. From examining OpenBSD source code, it appears to have the flaw. I have confirmed that NetBSD is vulnerable. I have been unable to actually test the vulnerability on an operational OpenBSD system. I have not heard anything from either NetBSD or OpenBSD, and no changes related to this bug appear to have been committed to their code. Patches for NetBSD and OpenBSD are attached below.
the changes were made into both openbsd and netbsd repository as shown below: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110 http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137 thank you for the report. itojun
Current thread:
- TCP Connections to a Broadcast Address on BSD-Based Systems Crist J. Clark (Mar 18)
- Re: TCP Connections to a Broadcast Address on BSD-Based Systems itojun (Mar 20)
- Re: TCP Connections to a Broadcast Address on BSD-Based Systems David Maxwell (Mar 21)