[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-users] handle RST spoofing? CVE-2004-0230

From: address@hidden
Subject: Re: [lwip-users] handle RST spoofing? CVE-2004-0230
Date: Mon, 19 May 2014 21:05:43 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

Fabian Koch wrote:
according to a nessus scan, LwIP is vulnerable to CVE-2004-0230, which means that it accepts a spoofed Packet with RST flag if the packets sequence number fits somewhere in the current window.


The easiest way to handle this attack would be only accept an incoming RST if the ackno matches the expected sequence. In the other case currently implemented in tcp_process() where the number only matched into the current window, only an ACK is sent back, expecting a re-send of the RST with a correct pair of sequence and ackno.

(also the way FreeBSD fixed it)


Do you think that would be feasible for LwIP or are you more in the Linux Boat, saying “meh.”?

Sorry for replying so late, this question might have been better off on the lwip-devel list...

As an lwIP user, after reading the CVE description, I think we're good with leaving it the way it is. I think so because I can't say to fully understand the implications of the suggested change.

Things might look differently depending on the kind of application used, though, so we might want to fix this anyway...

Would you care for a patch implementing the suggested change?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]