From: Remko Lodder
To: Karl Pielorz
Cc: freebsd-security@freebsd.org
Date: Wed, 25 Feb 2015 18:21:58 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix?
Message-Id: <1BE461E0-D2AC-4222-8D41-B7F97E83FD74@FreeBSD.org>

> On 25 Feb 2015, at 12:24, Karl Pielorz wrote:
>
>
> Hi,
>
> Presumably if you don't need IGMP, ipfw can be used to mitigate this on hosts until they're patched / rebooted, i.e.
>
> ipfw add x deny igmp from any to any
>
> ?

This suggests that you can filter the traffic:

Block incoming IGMP packets by protecting your host/networks with a firewall. (Quote from the SA).

Br,
Remko

>
> Thanks,
>
> -Karl
>
> ---------- Forwarded Message ----------
> Date: 25 February 2015 06:29 +0000
> From: FreeBSD Security Advisories
> To: FreeBSD Security Advisories
> Subject: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =============================================================================
> FreeBSD-SA-15:04.igmp                                       Security Advisory
>                                                           The FreeBSD Project
>
> Topic: Integer overflow in IGMP protocol

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News