TCP SACK (CVE-2019-5599)
Cy Schubert
Cy.Schubert at cschubert.com
Tue Jun 18 15:40:30 UTC 2019
On June 18, 2019 7:57:09 AM PDT, hiren via freebsd-security <freebsd-security at freebsd.org> wrote:
>On 06/18/19 at 10:33P, mike tancsa wrote:
>> Hi all,
>> With respect to the bugs describe in
>>
>https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
>> *<quote>
>> SACK Slowness (FreeBSD 12 using the RACK TCP Stack)
>[snip]
>>
>> *</quote>*
>>
>> *How does I know if this is enabled in my default kernel on RELENG_12
>?
>> There is some vague mention in various forums this is not the default
>on
>> FreeBSD ? Can anyone shed more light as to how this does/does not
>impact
>> FreeBSD ?
>
>RACK is one of the tcp stacks ($src/sys/netinet/tcp_stacks) and not
>enabled by default.
>
>So, by default, FreeBSD is not affected, afaict. This advisory is for
>when you do use RACK.
>
>Cheers,
>Hiren
They post a workaround patch in their advisory. As RACK is their contribution, I suppose one of their people who are committers might want to commit it.
--
Pardon the typos and autocorrect, small keyboard in use.
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
More information about the freebsd-security
mailing list