On Tue, Apr 20, 2004 at 02:53:46PM +, Aaron Sloan wrote:
> Is the TCP vulnerability something to worry about in Freebsd?
>
> http://www.osvdb.org/displayvuln.php?osvdb_id=4030
Nothing has been announced -- it's a matter under discussion on the
freebsd-security@ list right now, so the Security Team certainly knows
about the problem. However an educated guess would be that since
'Nokia IPSO' products are vulnerable, other BSD derived systems
probably are as well.
Note that this attack seems to apply to the majority of pieces of kit
capable of emitting TCP/IP traffic, so even if your FreeBSD kit gets
fixed in short order, you'll probably still be vulnerable to attacks
against your ISP or intermediate systems between you and the sites you
want to communicate with. Very bad news that this was broken to the
public before all the vendors had a chance to put fixes in place.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgp0.pgp
Description: PGP signature