Date: Tue, 21 Apr 2020 18:15:29 -0400
From: Ed Maste <emaste@freebsd.org>
To: Eugene Grosbein <eugen@grosbein.net>, "Andrey V. Elsukov" <ae@freebsd.org>
Cc: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:10.ipfw
Message-ID: <CAPyFy2Bx6hM0FdF2xHPrpzfCDo%2B5JRtetxQs2_S9zy=V2FEmew@mail.gmail.com>
In-Reply-To: <54bfc0f6-be4c-349d-df87-8ba507803a04@grosbein.net>
References: <20200421165514.C676C1CB78@freefall.freebsd.org> <54bfc0f6-be4c-349d-df87-8ba507803a04@grosbein.net>
On Tue, 21 Apr 2020 at 15:29, Eugene Grosbein <eugen@grosbein.net> wrote:
>
> 21.04.2020 23:55, FreeBSD Security Advisories wrote:
> > =============================================================================
> > FreeBSD-SA-20:10.ipfw Security Advisory
> > The FreeBSD Project
> >
> > Topic: ipfw invalid mbuf handling
>
> [skip]
>
> > IV. Workaround
> >
> > No workaround is available. Systems not using the ipfw firewall are
> > not vulnerable.
>
> This is not true. The problem affects only seldom used rules matching TCP packets
> by list of TCP options (rules with "tcpoptions" keyword) and/or by TCP MSS size
> (rules with matching "tcpmss" keyword, don't mix with "tcp-setmss" action keyword).

I believe this is correct; what about this statement:

No workaround is available. Systems not using the ipfw firewall, and
systems that use the ipfw firewall but without any rules using "tcpoptions"
or "tcpmss" keywords, are not affected.
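
A check that follows from the scoping discussed in this message, as an added example that is not part of the original e-mail or the advisory: it filters `ipfw list` output for rules that use the `tcpoptions` or `tcpmss` match keywords. The function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: report ipfw rules that use the "tcpoptions" or "tcpmss"
# match keywords named in the thread. Not taken from the advisory.

# affected_rules: read `ipfw list`-style output on stdin and print each rule
# that has tcpoptions or tcpmss as a whole word outside a trailing // comment.
# Whole-word matching keeps the "tcp-setmss" action from being reported.
affected_rules() {
    awk '
    {
        rule = $0
        sub(/[ \t]\/\/.*$/, "", rule)      # drop trailing "// comment" text
        n = split(rule, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (w[i] == "tcpoptions" || w[i] == "tcpmss") {
                print $0                   # print the rule as listed
                break
            }
        }
    }'
}

# Constructed sample ruleset (not from the advisory or the thread).
sample_rules() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow tcp from any to any tcpoptions mss,!window setup
00300 deny tcp from any to any tcpmss 0-500
00400 tcp-setmss 1400 tcp from any to any tcpflags syn
00500 allow tcp from any to me 22 // reviewed: no tcpmss match here
65535 deny ip from any to any
EOF
}

# On a live system: ipfw list | affected_rules
# With the constructed sample: sh this_script.sh --sample
if [ "${1:-}" = "--sample" ]; then
    sample_rules | affected_rules
fi
```

Empty output means no listed rule uses either keyword; rules 00200 and 00300 of the sample are the ones reported.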
