dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


BSD Today: FreeBSD Security Advisory: FreeBSD-SA-00:52.tcp-iss

Oct 06, 2000, 22:35 (0 Talkback[s])

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


[ Thanks to Jeremy C. Reed for this link. ]

"It has long been known that an attacker who can guess the initial sequence number which a system will use for the next incoming TCP connection can spoof a TCP connection handshake coming from a machine to which he does not have access, and then send arbitrary data into the resulting TCP connection which will be accepted by the server as coming from the spoofed machine."

"Systems derived from 4.4BSD-Lite2 including FreeBSD include code which attempts to introduce an element of unpredictability into the initial sequence numbers to prevent sequence number guessing by a remote attacker. However the pseudo-random number generator used is a simple linear congruent generator, and based on observations of a few initial sequence values from legitimate connections with a server, an attacker can guess with high probability the value which will be used for the next connection...."

"All versions of FreeBSD prior to the correction date including 4.1.1 and 3.5.1 are vulnerable to this problem."

Complete Security Advisory