Feeds

back to article Staunch your Heartbleed patching: FreeBSD has a nasty credentials leak

Got FreeBSD? Get busy on the patch, because a problem with its TCP ordering has emerged, with both denial-of-service and data leakage as possible effects. The issue exists in how the popular Unix-like operating system handles TCP packets received out-of-order. Packets are held in a reassembly queue until they can be re-ordered …

COMMENTS

This topic is closed for new posts.
Bronze badge

So if I get this correctly, the kernel tries to read the memory after returning from the function without allocating/clearing/filling it first?

0
0
Anonymous Coward

From reading the advisory text I would think it was this old C gem...

void foo (void)

{

struct packet hope_this_works = bar ();

add_to_list (&hope_this_works); /* Uh oh */

}

When foo returns, the stack space assigned for hope_this_works is no longer meaningful, and subsequent attempts to dereference the pointer stored by add_to_list will access junk.

0
0
Bronze badge
Alert

Does Windows still use the BSD implementation of TCP/IP?

1
0
Bronze badge

Re: Does Windows still use the BSD implementation of TCP/IP?

Nope I think it all got re-written circa Server 2008/Vista?

1
0
Silver badge

Re: Does Windows still use the BSD implementation of TCP/IP?

I think they lied to you, otherwise there wouldn't be any 'effects all versions' bugs.

1
0
Anonymous Coward

Re: Does Windows still use the BSD implementation of TCP/IP?

I believe it was removed earlier than that;

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=8602+0+archive/2003/freebsd-newbies/20030928.freebsd-newbies

0
0
Bronze badge

Still, if they rewrote it around Vista, if it existed for long enough in the code base then Windows XP has this and will never be patched. Maybe the first issue affecting XP that makes people wish they had upgraded sooner.

0
0
Anonymous Coward

Where did the list of Suppliers come from?

Who came up with McAfee, Checkpoint Bluecoat and IronPort?

Whilst I don't know all the products from all the manufactures above, I've had hands on experience with a decent selection of there stuff:

From McAffe's product range, every thing that I have used so far is running a customised RHEL, and most of those are based on RHEL 6.

Current versions of Checkpoint firewall (R76 - R77) are using a horribly hacked up RHEL5.

IronPort, last time I used it was running a variant of RHEL4, though this was a fair time ago, so they could have changed.

Finally I've been told by people at Bluecoat that it is either a completely proprietary OS (marketing people...) or its a customised RHEL OS as well.

0
0
This topic is closed for new posts.