Hi.

On Tue, 28 Sep 1999, Jeremy Buhler wrote:

> > A weakness within the TCP stack in Linux 2.2.x kernels
> > has been discovered. The vulnerability makes it possible
> > to "blind-spoof" TCP connections.

> This vulnerability is fixed in kernels 2.2.13pre13 and
> later. Hopefully 2.2.13 will be released shortly and/or
> the relevant patch from pre13 will be released as an
> erratum versus 2.2.12. Alan?

A lot of people wrote to us and said that the typo where &secret[3] was meant but &secret+3 was written within the kernel code was the cause for this bug. In our tests, however, we applied nothing but this one-line patch and we still experienced small-difference ISNs (stealth tested this, but I believe in his skills :-).

I rather think that changing only a few bits as hash input for the MD4 hash routine is the reason for the weak hash result. Even if the whole secret rest is zeroed out, a strong hash algorithm should make this up and create a totally different hash value. As said in (if I remember correctly) Applied Cryptography, every input bit within the hash input should be able to modify every bit in the hash output value, which is here obviously not the case.

However, simply using a strong PRNG (as I naively suggested a few days ago) is not a solution; as Alan pointed out, there are strict rules for TCP sequence numbers to avoid data corruption.

ciao,
scut / teso security [http://teso.scene.at/]

-- - scutat_private-berlin.de - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet --
-- you don't need a lot of people to be great, you need a few great to be --
-- the best -----------------------------------------------------------------
--- nuclear arrival weapon spy agent remain undercover, hi echelon ----------
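The avalanche property cited in the message above can be measured directly. The following is an added example, not part of the original post and not the kernel's code: it implements full three-round MD4 as specified in RFC 1320 (an assumption; the kernel's own hash routine is not reproduced here), flips each input bit of a mostly-zero buffer in turn, and counts how many of the 128 output bits change. The buffer contents and the names `md4`, `avalanche` and `SAMPLE` are constructed for illustration.

```python
import struct

# One entry per MD4 round (RFC 1320): boolean function, additive constant,
# message-word order, and the four rotation amounts.
_ROUNDS = [
    (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
     list(range(16)), (3, 7, 11, 19)),
    (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
     [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
    (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
]

def _rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & 0xFFFFFFFF

def md4(msg: bytes) -> bytes:
    """Full three-round MD4 over an arbitrary-length message."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    padded += struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(padded), 64):
        x = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = state
        for f, const, order, shifts in _ROUNDS:
            for i, k in enumerate(order):
                t = (a + f(b, c, d) + x[k] + const) & 0xFFFFFFFF
                a, b, c, d = d, _rotl(t, shifts[i % 4]), b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def avalanche(msg: bytes) -> list:
    """Flip each input bit in turn; return how many of 128 output bits change."""
    base = int.from_bytes(md4(msg), "big")
    diffs = []
    for bit in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[bit // 8] ^= 1 << (bit % 8)
        other = int.from_bytes(md4(bytes(flipped)), "big")
        diffs.append(bin(base ^ other).count("1"))
    return diffs

# Constructed sample: three non-zero 32-bit words followed by zeros, standing in
# for a hash input whose remainder is zeroed. Not the kernel's actual layout.
SAMPLE = struct.pack("<3I", 0xC0A80001, 0xC0A80002, 0x04D20050) + bytes(36)

if __name__ == "__main__":
    d = avalanche(SAMPLE)
    print(f"flips={len(d)} min={min(d)} mean={sum(d)/len(d):.1f} max={max(d)}")
```

A well-diffusing 128-bit hash changes about 64 output bits per single-bit input flip; running the same measurement against a candidate ISN hash shows whether outputs for near-identical inputs stay close together.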