Date:      Fri, 26 Jan 2001 17:36:33 +0100
From:      Martin Ibert <mib@asdis.de>
To:        freebsd-security@freebsd.org
Subject:   Another problem with the ipfw patch - even bigger hole in the firewall on 4.0R (was: Re: ipfw security patch problem..)
Message-ID:  <5.0.0.25.1.20010126173443.02d9e1e8@pop3.itp.asdis.de>


[Sorry Justin! I forgot to Cc: the list when I replied to your mail, so you 
now have it twice. :-( ]
At 08:00 26.01.2001 +0200, you wrote:
>I upgraded my ipfw yesterday on my 4.0-STABLE system with the patch by
>following the instructions to the letter for the security bug discovered
>by Aragon Gouveia, and compile and install appeared to go seamlessly.

We also tried to patch a 4.0-RELEASE system. We worked according to the 
step-by-step instructions provided in the advisory. Some patches were 
rejected and had to be done by hand, but apart from that, no major problems 
were discovered during build and install.

However, the resulting combination of kernel and ipfw tool did not work! It 
appears that the firewall took EVERY tcp packet to be part of an 
"established" connection and happily passed setup packets in and out.

We quickly retraced our steps and reverted the system to its pre-patched state.

Did anyone experience the same problems as we did? And does anyone have a 
solution (short of upgrading to 4.2-RELEASE or better)?


-- 
---------------------------------------------------------------
Dipl.-Inform. Martin Ibert - phone: +49-30-20631-607, fax: -199
- ASDIS Software AG, Neue Grünstraße 25, D-10179 Berlin-Mitte -
---------------- http://www.asdis.de/ -- mailto:mib@asdis.de --


