delphij's Chaos


23 Apr 2004

Recent vulnerability of TCP/IP implementation

TCP is vulnerable?! Yes, if your system relies on persistent TCP connections, for example, routers supporting BGP. CERT has released an advisory about this.

From the overview, we see:

“Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may be affected. Routing operations would recover quickly after such attacks ended.”

Simply put, it seems that we now have a good reason to enable IPsec or something similar across the whole Internet.

NetBSD responded soon after the CERT advisory with a security advisory of its own, which can be found here. It says that there is a long-standing weakness in RFC 793 and that, in addition, NetBSD itself has some “additional implementation flaw that make attacks easier”.

Andre Oppermann (andre@, one of the networking stack maintainers of FreeBSD) clarified that these NetBSD flaws do not exist in FreeBSD. They are derived from 4.4BSD-Lite; however, FreeBSD fixed them in rev. 1.81 of tcp_input.c.