From: Sheldon Hearn
To: Mike Silbersack
Cc: freebsd-security@freebsd.org
Date: Mon, 1 Mar 2004 12:36:15 +0200
Subject: Re: mbuf vulnerability
Message-ID: <20040301103615.GB97298@starjuice.net>
In-Reply-To: <20040229190101.V13340@odysseus.silby.com>

On (2004/02/29 19:03), Mike Silbersack wrote:

> > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
> >
> > it seems RELENG_4 is vulnerable. Is there any work around to a system that
> > has to have ports open ?
>
> There is no way to fix this issue without kernel modifications. A fix has
> been committed to -current, someone on the security team can probably
> provide information on when the MFC will be appearing.

Owch.

The advisory says the DoS works by sending many out-of-sequence packets.
Do you know how out-of-sequence do the packets have to be?

I ask because if they have to be significantly staggered, then my
IPFilter firewall might offer me some protection and I can start
breathing again.

Ciao,
Sheldon.