Date: Thu, 20 Jan 2000 17:38:13 -0700 From: Brett Glass <brett@lariat.org> To: Warner Losh <imp@village.org> Cc: jamiE rishaw - master e*tard <jamiE@arpa.com>, Tom <tom@uniserve.com>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <4.2.2.20000120173540.01a26100@localhost> In-Reply-To: <200001210034.RAA06762@harmony.village.org> References: <Your message of "Thu, 20 Jan 2000 17:32:03 MST." <4.2.2.20000120172607.0198f1e0@localhost> <4.2.2.20000120172607.0198f1e0@localhost> <Pine.BSF.4.02A.10001201232520.26367-100000@shell.uniserve.ca> <3.0.5.32.20000120152818.01d7fa40@staff.sentex.ca> <Pine.BSF.4.02A.10001201232520.26367-100000@shell.uniserve.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmmm. I haven't started at the stack to see if this is feasible, but can't the code that implements IPFW's "established" keyword be used to discard the ACK if it isn't associated with an active session? --Brett At 05:34 PM 1/20/2000 , Warner Losh wrote: >It is a remote exploit. > >Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000120173540.01a26100>