Netflix has publicly announced a very serious network vulnerability for FreeBSD which allows attackers to seriously slow down its delivery of networking services. *BSD users BTFO!
Netflix announced 3 TCP-related vulnerabilities in the Linux kernel, one of which can be used to knock a server off the Internet. New kernels patching these flaws were released today.
CVEs are CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 and CVE-2019-5599. They will probably be made public soon now that patched kernels are available.
Caleb Wood
Wut? Impossible. Open source shit has been peer reviewed!
Hudson Campbell
>Open source shit has been peer reviewed!
Yes, that's exactly how this was found.
Are you sure OpenBSD doesn't have the same problem? Isn't it basically the same kernel?
Dylan Watson
Nope, sure isn't. For one, it exposes less than half of the amount of system calls that FreeBSD exposes. Both NetBSD and OpenBSD are not affected by this vulnerability. Classic FreeBSD moment, really.
Daniel Rodriguez
But I cannot upgrade my Debian kernel without doing a dist upgrade; that's not a stable way for me as it is dangerous. Luckily one of those CVEs can be disabled using a single command, and the other two just waste bandwidth, which can be easily analyzed and IP banned.
Yes. You're fine.
echo 0 > /proc/sys/net/ipv4/tcp_sack
Disabling SACKs will actually prevent both CVE-2019-11477 and CVE-2019-11478, since both of those problems are specific to SACKs. CVE-2019-11479 requires that the attacker wastes almost as much bandwidth as you waste, so it's limited how long someone would bother.
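The workaround from the post above, as an added example that is not part of the original thread: a shell check of whether SACK is off in the running kernel and whether that setting is also in a sysctl config file, since a write under /proc/sys lasts only until reboot. The function names and the PROC_ROOT / SYSCTL_DIRS override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the tcp_sack workaround discussed in the thread.
# PROC_ROOT and SYSCTL_DIRS are hypothetical overrides so the check can be
# pointed at a test tree; the defaults are the usual Linux locations.
PROC_ROOT="${PROC_ROOT:-/proc}"
SYSCTL_DIRS="${SYSCTL_DIRS:-/etc/sysctl.conf /etc/sysctl.d}"

# Prints "disabled", "enabled" or "unknown" for the running kernel.
sack_runtime_state() {
    f="$PROC_ROOT/sys/net/ipv4/tcp_sack"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Succeeds if any config file sets net.ipv4.tcp_sack to 0 on an
# uncommented line. Simplification: file ordering/overrides are ignored.
sack_persisted_off() {
    pat='^[[:space:]]*net[./]ipv4[./]tcp_sack[[:space:]]*=[[:space:]]*0[[:space:]]*$'
    for p in $SYSCTL_DIRS; do
        [ -e "$p" ] || continue
        if grep -rhEq "$pat" "$p" 2>/dev/null; then
            return 0
        fi
    done
    return 1
}

# Combined verdict for the host.
sack_workaround_status() {
    state=$(sack_runtime_state)
    if sack_persisted_off; then persisted=yes; else persisted=no; fi
    case "$state:$persisted" in
        disabled:yes) echo applied ;;
        disabled:no)  echo runtime-only ;;  # lost at next reboot
        enabled:yes)  echo pending ;;       # load with sysctl --system or reboot
        enabled:no)   echo not-applied ;;
        *)            echo unknown ;;
    esac
}

sack_workaround_status
```

A result of `runtime-only` means the echo was run but nothing will reapply it after a reboot.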
Isaac Wood
>But I cannot upgrade my debian kernel without doing dist upgrade that's not stable way for me as it is dangerous
Retarded frogshit.
Angel Morales
Yep, Netflix found it. Tell me about those dozens of Windows vulnerabilities that aren't public and only certain people / companies know them to exploit users. Oh wait, you can't.
David Campbell
How exactly do you think open source peer reviewing works?
Nathaniel Cruz
Why not just peer review the code before it's officially introduced and actually putting people at risk?
Jace Scott
Why doesn't Windows test their code at least once before releasing it to public?
Ryder Sullivan
Why doesn't Apple test their hardware at least once before release?
Caleb Harris
> dist upgrade
> that's not stable way
> am I safe r-right?
No, just retarded.
Juan Nelson
why doesn't kys himself before posting
James Jackson
That's not how open source code works in the real world, sweetie.
>Why not just peer review the code before it's officially introduced
lol right, let's go back to 1999 and peer-review that Linux kernel.
nope not happening
Adam Richardson
LOL. This vulnerability has been there since 1999? Oh shit. Jow Forums this entire time was saying open Linux was safe. Everybody on Jow Forums already combed through the sauce code with a fine-tooth comb and ensured there were no flaws? This was the magic of open source shit? So everybody could see the flaw, right?
Austin Morgan
This is what happens when you surrender meritocracy and let the trannies in.
Aiden Howard
This
This. Those vulnerabilities are commodified, sold around in bulk like your gay asshole. You have so many back orifice gaps, you look like goatse. The worst part, you'll never even know it.
Henry Cox
Aren't both MacOS and Windows NT's network stacks based off of BSD's?
Ryan White
iirc Windows switched to their own stack around 8(.1)
Luke Morales
>peer review the code before you make it available so it can be peer reviewed
Blake Morgan
>isn't it basically the same kernel?
Hasn't been for 20 years...
Nathaniel Rogers
It is, but it can still take time until vulnerabilities are found.