From owner-freebsd-security@FreeBSD.ORG Sun Apr 29 05:45:19 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6A7D616A401 for ; Sun, 29 Apr 2007 05:45:19 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.freebsd.org (Postfix) with ESMTP id B326D13C468 for ; Sun, 29 Apr 2007 05:45:18 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1]) by www.svzserv.kemerovo.su (8.13.8/8.13.8) with ESMTP id l3T5PLcv099898 for ; Sun, 29 Apr 2007 13:25:21 +0800 (KRAST) (envelope-from eugen@www.svzserv.kemerovo.su) Received: (from eugen@localhost) by www.svzserv.kemerovo.su (8.13.8/8.13.8/Submit) id l3T5PJ6j099896 for freebsd-security@freebsd.org; Sun, 29 Apr 2007 13:25:19 +0800 (KRAST) (envelope-from eugen) Date: Sun, 29 Apr 2007 13:25:19 +0800 From: Eugene Grosbein To: freebsd-security@freebsd.org Message-ID: <20070429052519.GB99449@svzserv.kemerovo.su> References: <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4633BDE9.7080103@yahoo.com> User-Agent: Mutt/1.4.2.1i Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Apr 2007 05:45:19 -0000 On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote: > Umm maybe its just but I fail to see why this is a security advisory > (initially caught this on the OBSD list). You are following the RFC .. > if you don't like "evil" packets, then drop them at the firewall or > router layer ... don't see the need for an OS fix. Design flow in the RFC still may be security vulnerability, doesn't it? Eugene Grosbein