BSD Vulnerability

Condon Thomas A KPWA tcondon
Mon May 17 12:01:21 PDT 2004 

Folks,

The DoD just sent around a notice of a vulnerability in BSD.  I'm suspicious
that this has already been fixed in the open source community.

However, my question goes in a different direction.  IIRC, during the early
comments on the SCO suit I read that Windows uses the "FreeBSD stacks" for
TCP/IP communications.  Would this mean that Windows is vulnerable to the
same form of attack?  [Of course, what form of attack is Windows *NOT*
vulnerable to?]

I've attached the text of the technical part of the vulnerability notice
below.


In Harmony's Way and In A Chord,

Tom  ;-})

Proud Member of the Kitsap Chordsmen
Registered Linux User # 154358
You Can't Catch A Virus From Plain Text Email!

---------Extract------------------
TECHNICAL OVERVIEW
FreeBSD and OpenBSD are freely available open source implementations of the
BSD operating system. Other variants of the BSD implementation are also used
within the DOD under proprietary names.  All BSD and their variant
implementations are prone to a denial of service attack when out-of-sequence
packets are sent to a vulnerable system. This vulnerability makes it
possible for a remote attacker to deny service to legitimate users.
When packets are sent to a BSD system that are out of sequence, they are
stored in memory buffers in the system memory. This is done to maintain the
data until packets with the missing sequence numbers are received. It is
possible to consume all memory buffers on a vulnerable BSD system by sending
numerous TCP packets that are out of sequence. Once the memory buffers are
filled, the system is unable to respond to any further connection request.
In order to exploit this vulnerability an attacker has to have the ability
to remotely send TCP data to a vulnerable host. An attacker would send
out-of-sequence packets to a vulnerable system after creating TCP
connections with the system. The out-of-sequence packets are sent until they
consume the memory buffers on the target system. When the memory buffers are
filled a denial of service takes place because the vulnerable host is unable
to initiate any further communications with remote systems. 
VULNERABLE SYSTEMS
FreBSD 
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
FreeBSD 4.6.2
FreeBSD 4.7.0
FreeBSD 4.8.0
FreeBSD 4.9.0
FreeBSD 5.0.0
FreeBSD 5.1.0
FreeBSD 5.2.0 
OpenBSD 
http://www.linuxsecurity.com/advisories/openbsd_advisory-4119.html 
OpenBSD 3.3
OpenBSD 3.4 
Juniper 
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
All Juniper M-series and T-series routers running JUNOS software built prior
to March 5, 2004.

More information about the Linux-users mailing list