Date: Sat, 10 Aug 2024 14:20:08 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 280705] 0.0.0.0/32 is equivalent to 127.0.0.1/32, which may be considered a security flaw
Message-ID: <bug-280705-7501-0FBvsHdiz0@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280705-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-280705-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280705

Jamie Landeg-Jones <jamie@catflap.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jamie@catflap.org

--- Comment #9 from Jamie Landeg-Jones <jamie@catflap.org> ---
(In reply to Eirik Oeverby from comment #8)

I tried this on 14.0-stable from March, and from my testing, it appears this does happen if you bind to 127.0.0.1, but not any other IP (even 127.0.0.2 aliased on lo0 didn't exhibit the behaviour).

I.e., bind to 127.0.0.1 allows connections to 0.0.0.0, but binding to anything else doesn't.

Still, I wouldn't have expected the bind to 127.0.0.1 to accept 0.0.0.0.

-- 
You are receiving this mail because:
You are the assignee for the bug.
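
A local check for the behaviour reported in comment #9, added here as an illustration and not part of the original message or of FreeBSD's code: it listens on a given address and reports whether a TCP connect to 0.0.0.0 reaches that listener. The function names and the default address list are assumptions; 127.0.0.2 only gives a result where it is configured (for example aliased on lo0).

```python
#!/usr/bin/env python3
"""Check whether a listener bound to one address is reachable via 0.0.0.0."""
import socket
import sys

WILDCARD = "0.0.0.0"


def can_connect(dest, port, timeout=1.0):
    """Return True if a TCP connect to dest:port completes."""
    try:
        with socket.create_connection((dest, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, ...
        return False


def probe(bind_addr, timeout=1.0):
    """Listen on bind_addr (ephemeral port), then connect to it via its own
    address and via 0.0.0.0. Returns None if bind_addr cannot be bound."""
    try:
        srv = socket.create_server((bind_addr, 0), family=socket.AF_INET, backlog=4)
    except OSError:
        return None
    with srv:
        port = srv.getsockname()[1]
        # The kernel completes the handshake from the backlog, so no accept()
        # call is needed for connect() to succeed.
        return {d: can_connect(d, port, timeout) for d in (bind_addr, WILDCARD)}


def verdict(bind_addr, result):
    """Turn a probe() result into a one-line finding."""
    if result is None:
        return f"{bind_addr}: not configured on this host, skipped"
    if not result[bind_addr]:
        return f"{bind_addr}: listener unreachable on its own address, inconclusive"
    if result[WILDCARD]:
        return f"{bind_addr}: EXPOSED, connect to {WILDCARD} reached the listener"
    return f"{bind_addr}: ok, connect to {WILDCARD} did not reach the listener"


if __name__ == "__main__":
    # Addresses to test come from the command line; the defaults mirror the
    # two cases named in the comment.
    for addr in sys.argv[1:] or ["127.0.0.1", "127.0.0.2"]:
        print(verdict(addr, probe(addr)))
```
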