Bug 188430 - Freeze attacks against portsnap(8)
Summary: Freeze attacks against portsnap(8)
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Many People
Assignee: Colin Percival
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-10 17:30 UTC by David
Modified: 2018-05-28 19:43 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David 2014-04-10 17:30:00 UTC 
Portsnap is vulnerable to freeze attacks.

Fix: 

Solution Summary: The server-side inclusion of date-stamps, and strict client-side enforcement of expiration policies would mitigate this attack vector.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-04-14 00:37:33 UTC 
Responsible Changed
From-To: freebsd-bugs->cperciva

Over to maintainer.
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:43:19 UTC 
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.