Date:      Tue, 21 Apr 2020 18:15:29 -0400
From:      Ed Maste <emaste@freebsd.org>
To:        Eugene Grosbein <eugen@grosbein.net>, "Andrey V. Elsukov" <ae@freebsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:10.ipfw
Message-ID:  <CAPyFy2Bx6hM0FdF2xHPrpzfCDo%2B5JRtetxQs2_S9zy=V2FEmew@mail.gmail.com>
In-Reply-To: <54bfc0f6-be4c-349d-df87-8ba507803a04@grosbein.net>
References:  <20200421165514.C676C1CB78@freefall.freebsd.org> <54bfc0f6-be4c-349d-df87-8ba507803a04@grosbein.net>

On Tue, 21 Apr 2020 at 15:29, Eugene Grosbein <eugen@grosbein.net> wrote:
>
> 21.04.2020 23:55, FreeBSD Security Advisories wrote:
> > =============================================================================
> > FreeBSD-SA-20:10.ipfw                                       Security Advisory
> >                                                           The FreeBSD Project
> >
> > Topic:          ipfw invalid mbuf handling
>
> [skip]
>
> > IV.  Workaround
> >
> > No workaround is available.  Systems not using the ipfw firewall are
> > not vulnerable.
>
> This is not true. The problem affects only seldom-used rules matching TCP packets
> by a list of TCP options (rules with the "tcpoptions" keyword) and/or by TCP MSS size
> (rules with the matching "tcpmss" keyword, don't mix it up with the "tcp-setmss" action keyword).

I believe this is correct; what about this statement:

No workaround is available.  Systems not using the ipfw firewall, and
systems that use the ipfw firewall but without any rules using "tcpoptions"
or "tcpmss" keywords, are not affected.
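
A check for the condition proposed in this thread, as an added example that is not part of the original message or the advisory: it reads an `ipfw list`-style ruleset on stdin and prints the rules that use the "tcpoptions" or "tcpmss" match keywords, ignoring the "tcp-setmss" action and text after `//` comments. The function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag ipfw rules that use the "tcpoptions" or "tcpmss"
# match keywords named in the thread. Function names are illustrative.

# Read an `ipfw list`-style ruleset on stdin; print each matching rule.
affected_rules() {
    awk '
    {
        rule = $0
        # Drop a trailing "// comment" so keywords in comments are ignored.
        sub(/[ \t]*\/\/.*$/, "", rule)
        n = split(rule, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            # Whole-token match: "tcp-setmss" (an action) never matches.
            if (tok[i] == "tcpoptions" || tok[i] == "tcpmss") {
                print $0
                break
            }
        }
    }'
}

# Number of matching rules (0 means the keywords are not in use).
count_affected() {
    affected_rules | wc -l | tr -d ' '
}

# Constructed sample ruleset (not taken from any real system).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 deny tcp from any to any tcpoptions mss setup
00300 allow tcp from any to any tcpmss 0-500
00400 tcp-setmss 1400 tcp from any to any tcpflags syn
00500 allow tcp from any to any established // old tcpoptions rule removed
65535 deny ip from any to any'

# On a FreeBSD host, use instead: ipfw list | affected_rules
printf '%s\n' "$SAMPLE_RULES" | affected_rules
```

An empty result means no listed rule uses either keyword; rules loaded later or held in other rule sets still need the same check.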

