Date: Mon, 1 Mar 2004 12:36:15 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Mike Silbersack <silby@silby.com> Cc: freebsd-security@freebsd.org Subject: Re: mbuf vulnerability Message-ID: <20040301103615.GB97298@starjuice.net> In-Reply-To: <20040229190101.V13340@odysseus.silby.com> References: <6.0.3.0.0.20040229182702.07a67a68@209.112.4.2> <20040229190101.V13340@odysseus.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On (2004/02/29 19:03), Mike Silbersack wrote: > > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 > > > > it seems RELENG_4 is vulnerable. Is there any work around to a system that > > has to have ports open ? > > There is no way to fix this issue without kernel modifications. A fix has > been committed to -current, someone on the security team can probably > provide information on when the MFC will be appearing. Owch. The advisory says the DoS works by sending many out-of-sequence packets. Do you know how out-of-sequence do the packets have to be? I ask because if they have to be significantly staggered, then my IPFilter firewall might offer me some protection and I can start breathing again. Ciao, Sheldon.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040301103615.GB97298>