Ted,

Thanks for taking a look at this. I'm not sure I have the ability to test out your patch. Maybe someone else on this fine list can?

But this sounds like a pretty severe DOS issue that seems to be relatively simple to implement.

Do you know if the 5.x branch is affected by this as well?

Tim.


Ted Mittelstaedt wrote:

Hi Tim,

Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been rewritten for FreeBSD 4.11. YMMV. If it works I would submit it to the FreeBSD security list. The only change I made is OpenBSD defines "tiflags", FreeBSD defines "thflags"; I assume they are the same thing. The file is in /usr/src/sys/netinet.

Turning off the timestamps would be a good way to make your network go slow.

*** tcp_input.c.original        Thu May 19 11:52:30 2005
--- tcp_input.c Thu May 19 12:00:14 2005
***************
*** 976,984 ****
--- 976,992 ----
                * record the timestamp.
                * NOTE that the test is modified according to the latest
                * proposal of the [EMAIL PROTECTED] list (Braden
1993/04/26).
+                * NOTE2 additional check added as a result of PAWS
vulnerability
+                * documented in Cisco security notice
cisco-sn-20050518-tcpts
+                * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
                */
               if ((to.to_flags & TOF_TS) != 0 &&
                   SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+                       if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen
+
+                               ((thflags & (TH_SYN|TH_FIN)) != 0)))
+                                 tp->ts_recent = to.to_tsval;
+                       else
+                               tp->ts_recent = 0;
                       tp->ts_recent_age = ticks;
                       tp->ts_recent = to.to_tsval;
               }
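
Review bot: the unchanged context line `tp->ts_recent = to.to_tsval;` that follows `tp->ts_recent_age = ticks;` still runs unconditionally, so it overwrites whatever the new if/else just selected, including the `tp->ts_recent = 0` branch, and the added SEQ_LEQ check has no effect on the stored timestamp. That line should appear as a deletion in this hunk, or the new test should be folded into the outer `if` condition so the single assignment is only reached when the segment covers `last_ack_sent`. Separately, the mail client has wrapped several lines (the NOTE2 comment and the `th->th_seq + tlen +` expression), so the patch will not apply as posted; resend it as an attachment or with line wrapping disabled.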

Ted



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tim Traver
Sent: Thursday, May 19, 2005 10:09 AM
To: bsd
Subject: PAWS security vulnerability


Hi all,

OK, this article was just published about a PAWS TCP DOS vulnerability, and lists FreeBSD 4.x as affected.

http://www.securityfocus.com/bid/13676/info/

Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x?

And is 5.4 affected too?

Tim.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"