Re: [security] Big problem on 2.0.x? (fwd)

Andrea Arcangeli (andrea@suse.de)
Wed, 15 Dec 1999 17:46:14 +0100 (CET)


On Wed, 15 Dec 1999, Alan Cox wrote:

>o TCP blind spoofing vulnerabilities

Ok, you mean the one that doesn't send RST to the last ACK of the three-way
handshake if it has an ack_sequence number below the SYN-ACK sequence
number? (so by checking the IP-ID field and counting how many packets have
been sent on the wire by the server it's possible to guess the SYN-ACK
sequence number and complete the three-way handshake with a spoofed
address) If I remember well it's a brainer one liner fix. It should (I
hope) just be in solar's patches. I completely agree to address this as
it's violating RFC 793.

>o CLONE_PID needs stopping from user space

Ok.

>o Very occasional NFS crashes with "evil packet..."

Hmm "evil packet" is a bit too generic in order to fix this ;)).

I only care about these three issues. For all other points users should
upgrade to 2.2.x IMHO.

Andrea
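
The RFC 793 rule the message above refers to, as an added example that is not part of the original e-mail and is not Linux kernel code: in SYN-RECEIVED an ACK is acceptable only if SND.UNA =< SEG.ACK =< SND.NXT, and anything else is answered with <SEQ=SEG.ACK><CTL=RST>. The function and type names are hypothetical and the sequence numbers are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sequence numbers are a 32-bit modular space: compare by signed distance
 * so the check stays correct when the ISS is close to wrapping. */
static bool seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

enum verdict { ENTER_ESTABLISHED, SEND_RST };

struct reply {
    enum verdict verdict;
    uint32_t rst_seq;            /* meaningful only for SEND_RST */
};

/* RFC 793, "SEGMENT ARRIVES", ACK check in the SYN-RECEIVED state.
 * After the SYN-ACK is sent, SND.UNA = ISS and SND.NXT = ISS + 1. */
struct reply syn_received_ack(uint32_t snd_una, uint32_t snd_nxt, uint32_t seg_ack)
{
    struct reply r = { ENTER_ESTABLISHED, 0 };

    if (!(seq_leq(snd_una, seg_ack) && seq_leq(seg_ack, snd_nxt))) {
        /* Unacceptable ACK, including one below the SYN-ACK sequence
         * number: reset, with the RST carrying SEQ = SEG.ACK. */
        r.verdict = SEND_RST;
        r.rst_seq = seg_ack;
    }
    return r;
}

int main(void)
{
    uint32_t iss = 0xFFFFFFFFu;  /* constructed ISS, about to wrap */
    uint32_t acks[] = { iss + 1u, iss - 256u, iss + 5000u };

    for (size_t i = 0; i < sizeof acks / sizeof acks[0]; i++) {
        struct reply r = syn_received_ack(iss, iss + 1u, acks[i]);
        if (r.verdict == SEND_RST)
            printf("ack=%lu -> RST seq=%lu\n",
                   (unsigned long)acks[i], (unsigned long)r.rst_seq);
        else
            printf("ack=%lu -> ESTABLISHED\n", (unsigned long)acks[i]);
    }
    return 0;
}
```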
