  1. #1

    Another FreeBSD Security Advisory (FreeBSD-SA-04:04.tcp)

    Looks like this time it is not only FreeBSD that has been affected..

    I.   Background

    The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
    provides a connection-oriented, reliable, sequence-preserving data
    stream service.  When network packets making up a TCP stream (``TCP
    segments'') are received out-of-sequence, they are maintained in a
    reassembly queue by the destination system until they can be re-ordered
    and re-assembled.

    II.  Problem Description

    FreeBSD does not limit the number of TCP segments that may be held in a
    reassembly queue.

    III. Impact

    A remote attacker may conduct a low-bandwidth denial-of-service attack
    against a machine providing services based on TCP (there are many such
    services, including HTTP, SMTP, and FTP).  By sending many
    out-of-sequence TCP segments, the attacker can cause the target machine
    to consume all available memory buffers (``mbufs''), likely leading to
    a system crash.

    It has been a long time since someone found a problem within the TCP stack.

    more details:
    http://www.idefense.com/application/...ulnerabilities

    regards,
    M.
    Powered by AMD & FreeBSD.
    "Documentation is like sex:
    when it is good, it is very, very good;
    and when it is bad, it is better than nothing."
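
    As an added illustration (not code from the advisory, from iDefense, or from the FreeBSD kernel), here is a small Python model of the reassembly queue the advisory describes. It plays the receiver: segments that arrive ahead of the next expected byte wait in a per-connection queue until the hole before them is filled, and the model contrasts an unbounded queue (the behaviour the advisory reports) with one that caps the number of queued segments. The mbuf sizes, the host-wide memory budget, the cap of 100 segments, the 1-byte payloads and the 40-byte header estimate are all constructed for this example; FreeBSD's real limits, and the sysctl names its fix introduced, are not on this page, so nothing here should be read as the patched kernel's behaviour.

```python
"""Toy model of a TCP reassembly queue, bounded and unbounded.

Added example; not code from FreeBSD-SA-04:04.tcp or the FreeBSD kernel.
Segments are assumed not to overlap (real stacks also trim overlaps).
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Modeled constants: assumptions for this example, not FreeBSD's tuning.
MSIZE = 256                          # bytes pinned by one small mbuf
MCLBYTES = 2048                      # bytes pinned by one mbuf cluster
MHLEN = 200                          # largest payload that still fits in the mbuf
MBUF_POOL_BYTES = 4 * 1024 * 1024    # constructed host-wide mbuf budget
WIRE_HDR_BYTES = 40                  # IPv4 + TCP headers, no options


def segment_cost(payload_len: int) -> int:
    """Pool bytes one queued segment pins: an mbuf, plus a cluster if the
    payload does not fit inside the mbuf itself."""
    return MSIZE + (MCLBYTES if payload_len > MHLEN else 0)


@dataclass(frozen=True)
class Segment:
    seq: int
    data: bytes


class ReassemblyQueue:
    """Receive side of one connection. max_segments=None is the unbounded
    queue the advisory describes; an integer caps out-of-order segments."""

    def __init__(self, rcv_nxt: int, max_segments: Optional[int] = None):
        self.rcv_nxt = rcv_nxt                  # next byte the application expects
        self.max_segments = max_segments
        self.pending: Dict[int, bytes] = {}     # seq -> payload, waiting on a hole
        self.delivered = bytearray()
        self.dropped = 0

    def pinned_bytes(self) -> int:
        return sum(segment_cost(len(d)) for d in self.pending.values())

    def receive(self, seg: Segment) -> bool:
        if seg.seq < self.rcv_nxt:              # old or duplicate data
            return False
        if seg.seq == self.rcv_nxt:             # in order: deliver, then drain
            self.delivered += seg.data
            self.rcv_nxt += len(seg.data)
            self._drain()
            return True
        # Out of order: this is where an unbounded queue grows without limit.
        if self.max_segments is not None and len(self.pending) >= self.max_segments:
            self.dropped += 1
            return False
        self.pending[seg.seq] = seg.data
        return True

    def _drain(self) -> None:
        """Hand over every queued segment that is now contiguous."""
        while self.rcv_nxt in self.pending:
            data = self.pending.pop(self.rcv_nxt)
            self.delivered += data
            self.rcv_nxt += len(data)


def out_of_order_flood(rq: ReassemblyQueue, hole_seq: int, n: int, payload_len: int = 1) -> int:
    """Attacker never sends the byte at hole_seq, only n segments after it,
    so nothing can be reassembled. Returns attacker bytes on the wire."""
    for i in range(1, n + 1):
        rq.receive(Segment(hole_seq + i * payload_len, b"A" * payload_len))
    return n * (WIRE_HDR_BYTES + payload_len)


def simulate(n: int, max_segments: Optional[int]) -> dict:
    """Flood one connection, then fill the hole and see what was queued."""
    rq = ReassemblyQueue(rcv_nxt=1000, max_segments=max_segments)
    wire = out_of_order_flood(rq, hole_seq=1000, n=n)
    pinned = rq.pinned_bytes()                  # measured before the hole is filled
    rq.receive(Segment(1000, b"x"))             # legitimate peer fills the hole
    return {
        "attacker_wire_bytes": wire,
        "pinned_bytes": pinned,
        "pinned_per_wire_byte": pinned / wire,
        "pool_exhausted": pinned > MBUF_POOL_BYTES,
        "dropped": rq.dropped,
        "delivered_bytes": len(rq.delivered),
        "pending_after_fill": len(rq.pending),
    }


if __name__ == "__main__":
    for cap in (None, 100):
        print("max_segments=%s: %s" % (cap, simulate(100_000, cap)))
```

    Running it shows the asymmetry the advisory calls low-bandwidth: each 1-byte segment costs the attacker about 41 bytes on the wire but pins a whole mbuf on the target, so with no cap the queued total crosses the constructed pool budget after roughly 16,000 segments and keeps climbing. With the cap, the same flood pins 100 mbufs, the rest is dropped, and the connection still delivers correctly once the hole is filled, which is the property a practitioner wants to confirm on a patched host: out-of-order segments past some per-connection count are discarded rather than queued.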

  2. #2
    I find it interesting that the FreeBSD security page hasn't been updated with this information.

    http://www.freebsd.org/security/

  3. #3
    Probably they did not post it yet.
    Who knows.. I upgraded a bunch of machines already, all are running stable, as usual.

    regards,
    M.

  4. #4
    It usually takes a few hours for the advisory to propagate, at which point it gets listed on that page. It goes out in e-mail first (actually it was mentioned on freebsd-security beforehand). mbuf DOSes are by no means news, but it's nice to help reduce one avenue to them.

    Kevin

  5. #5
    Hello,

    Here are some sysctl settings for FreeBSD that can limit this type of attack. Some are standard and some are custom; you can alter the send and recv space for TCP to your own liking.

    net.inet.tcp.rfc1323=1
    net.inet.tcp.delayed_ack=0
    net.inet.tcp.sendspace=65535
    net.inet.tcp.recvspace=65535
    net.local.stream.sendspace=65535
    net.local.stream.recvspace=65535
    net.inet.ip.redirect=0
    net.inet.ip.sourceroute=0
    net.inet.ip.accept_sourceroute=0
    net.link.ether.inet.max_age=1200
    net.inet.tcp.blackhole=2
    net.inet.tcp.icmp_may_rst=0
    net.inet.tcp.inflight_enable=1
    net.inet.tcp.syncookies=0
    net.inet.ip.rtexpire=5
    net.inet.ip.rtminexpire=5

    This is on 5.0+; on 5.0 and below you might want to check your sysctl variables.
    Axcelx Technologies - James
    Boston Colocation | Boston VPS
    Massachusetts Server Colocation and Dedicated Servers

  6. #6
    I'm using FreeBSD 5.1, and I noticed in the advisory that there's no update for my release.

    Hmm, so should I upgrade my system to 5.2.1?

  7. #7
    Originally posted by wKkaY
    I'm using FreeBSD 5.1, and I noticed in the advisory that there's no update for my release.

    Hmm, so should I upgrade my system to 5.2.1?
    I noticed that it was missing a few versions, but then again it does say it affects ALL versions.

    "Affects: All FreeBSD releases"

    I don't think there is any need to upgrade to 5.2.1, but you should patch your 5.1 system.

  8. #8
    I'm sorry for taking this a "little" off topic, but how does 5.2 compare to 5.1 stability-wise?
    Axcelx Technologies - James

  9. #9
    Originally posted by Crucial
    I'm sorry for taking this a "little" off topic, but how does 5.2 compare to 5.1 stability-wise?
    It would be better, I suspect. 5.1 is officially EOL, as cperciva recently pointed out. 5.x-CURRENT is developer land, so you should really be keeping up-to-date.

    Kevin

  10. #10
    Originally posted by sigma
    It usually takes a few hours for the advisory to propagate, at which point it gets listed on that page.
    s/for the advisory to propagate/until the next time the web site is rebuilt from the www CVS tree/

    It goes out in e-mail first (actually it was mentioned on freebsd-security beforehand).
    And it was discussed on freebsd-net for a few days, until someone remembered that cross-posting to secteam@ and public lists is Not Done.
    Dr. Colin Percival, FreeBSD Security Officer
    Online backups for the truly paranoid: http://www.tarsnap.com/
