Date:      Wed, 22 Apr 2020 02:28:43 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        freebsd-security@freebsd.org
Subject:   Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:10.ipfw
Message-ID:  <54bfc0f6-be4c-349d-df87-8ba507803a04@grosbein.net>
In-Reply-To: <20200421165514.C676C1CB78@freefall.freebsd.org>
References:  <20200421165514.C676C1CB78@freefall.freebsd.org>


21.04.2020 23:55, FreeBSD Security Advisories wrote:
> =============================================================================
> FreeBSD-SA-20:10.ipfw                                       Security Advisory
>                                                           The FreeBSD Project
> 
> Topic:          ipfw invalid mbuf handling

[skip]

> IV.  Workaround
> 
> No workaround is available.  Systems not using the ipfw firewall are
> not vulnerable.

This is not true. The problem affects only seldom-used rules matching TCP packets
by a list of TCP options (rules with the "tcpoptions" keyword) and/or by TCP MSS size
(rules with the matching "tcpmss" keyword, not to be confused with the "tcp-setmss" action keyword).

Systems using neither the "tcpoptions" nor the "tcpmss" keyword to match TCP packets are not affected.
For example, systems using any of the default templates (open/client/simple/closed/workstation) are not affected.

Please consider re-checking this and adjusting the Advisory.

