From owner-freebsd-security  Fri Apr  6 17: 0:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sj-msg-core-1.cisco.com (sj-msg-core-1.cisco.com [171.71.163.11])
	by hub.freebsd.org (Postfix) with ESMTP id 16C1537B443
	for <freebsd-security@FreeBSD.ORG>; Fri,  6 Apr 2001 17:00:11 -0700 (PDT)
	(envelope-from bmah@cisco.com)
Received: from bmah-freebsd-0.cisco.com (bmah-freebsd-0.cisco.com [171.70.84.42])
	by sj-msg-core-1.cisco.com (8.9.3/8.9.1) with ESMTP id RAA27357;
	Fri, 6 Apr 2001 17:00:15 -0700 (PDT)
Received: (from bmah@localhost)
	by bmah-freebsd-0.cisco.com (8.11.3/8.11.1) id f3700AD10168;
	Fri, 6 Apr 2001 17:00:10 -0700 (PDT)
	(envelope-from bmah)
Message-Id: <200104070000.f3700AD10168@bmah-freebsd-0.cisco.com>
X-Mailer: exmh version 2.3.1 01/19/2001 with nmh-1.0.4
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: URGENT: Serious bug in IPFilter (fwd) 
In-Reply-To: <200104062135.f36LZpt67966@cwsys.cwsent.com> 
References: <200104062135.f36LZpt67966@cwsys.cwsent.com>
Comments: In-reply-to Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
   message dated "Fri, 06 Apr 2001 14:35:14 -0700."
From: "Bruce A. Mah" <bmah@FreeBSD.ORG>
Reply-To: bmah@FreeBSD.ORG
X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5<Pi&akO)o^8;[r
 %l(8ZHlbF`dD>v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A
 2V%N&+
X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif
X-Url: http://www.employees.org/~bmah/
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_867176716P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 06 Apr 2001 17:00:10 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--==_Exmh_867176716P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, Cy Schubert - ITSD Open Systems Group wrote:
> Should we be updating IP Filter in our source tree before 4.3-RELEASE?  
> This sounds like a serious bug.

It looks like darrenr committed a fix to HEAD, but it's not MFC-ed yet
AFAIK:

darrenr@FreeBSD.org said:
> darrenr     2001/04/06 08:52:29 PDT
>   Modified files:
>     sys/netinet          ip_frag.c ip_frag.h ip_nat.c ip_nat.h 
>                          ip_state.c 
>   Log:
>   fix security hole created by fragment cache
>      Revision  Changes    Path
>   1.15      +26 -5     src/sys/netinet/ip_frag.c
>   1.12      +5 -3      src/sys/netinet/ip_frag.h
>   1.22      +5 -3      src/sys/netinet/ip_nat.c
>   1.15      +2 -1      src/sys/netinet/ip_nat.h
>   1.21      +3 -3      src/sys/netinet/ip_state.c 

Bruce.





--==_Exmh_867176716P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: Exmh version 2.2 06/23/2000

iD8DBQE6zliK2MoxcVugUsMRArEtAJ4jgKqouX2NHuOXbHPGFZ5UkeOM7wCg2poq
iWrnytrNGZJljBMIdLeHa8o=
=ckzN
-----END PGP SIGNATURE-----

--==_Exmh_867176716P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message