Subject: kern/30877: NetBSD is vulnerable to "Undead Attack"
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Matthias Scheler <tron@NetBSD.org>
List: netbsd-bugs
Date: 07/30/2005 16:17:00
>Number:         30877
>Category:       kern
>Synopsis:       NetBSD is vulnerable to "Undead Attack"
>Confidential:   yes
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 30 16:17:00 +0000 2005
>Originator:     Matthias Scheler
>Release:        NetBSD 3.0_BETA
>Organization:
Matthias Scheler                                  http://scheler.de/~matthias/
>Environment:
System: NetBSD excalibur.tents.whatthehack.org 3.0_BETA NetBSD 3.0_BETA (EXCALIBUR) #0: Wed Jul 27 10:04:33 BST 2005 tron@excalibur.zhadum.de:/src/sys/compile/EXCALIBUR macppc
Architecture: powerpc
Machine: macppc

>Description:
NetBSD's TCP implementation is vulnerable to the "Undead Attack";
see here for more information:

http://wiki.whatthehack.org/index.php/Undead_Attack
http://www.securityfocus.com/bid/13215

The problem can be reproduced under at least NetBSD-sparc 2.0.2 and
NetBSD-macppc 3.0_BETA.

>How-To-Repeat:
Attack a NetBSD system with the "Undead Attack".

>Fix:
None provided.