Re: TCP Connections to a Broadcast Address on BSD-Based Systems

From: itojunat_private
Date: Wed Mar 20 2002 - 17:30:34 PST


    >Actions:
    >
    >I notified security-officer@{free,open,net}bsd.org on February
    >17th. From examining OpenBSD source code, it appears to have the
    >flaw. I have confirmed that NetBSD is vulnerable. I have been unable
    >to actually test the vulnerability on an operational OpenBSD system. I
    >have not heard anything from either NetBSD or OpenBSD, and no changes
    >related to this bug appear to have been committed to their code. Patches
    >for NetBSD and OpenBSD are attached below.
    
    	the changes were made in both the openbsd and netbsd repositories,
    	as shown below:
    
    	http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
    	http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
    
    	thank you for the report.
    
    itojun
    


