Date: Thu, 1 Nov 2018 11:03:44 -0700
From: Gordon Tetlow
To: syed khalid <0xsyed@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Regarding CVE-2018-4407
Message-ID: <20181101180344.GO6768@gmail.com>

On Wed, Oct 31, 2018 at 04:17:36PM +0530, syed khalid wrote:
> Hello All,
>
> There is a kernel RCE caused by a buffer overflow in Apple ICMP's
> packet-handling code. The PoC is not available but the bug details are
> mentioned here in https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407.
> Will this vulnerability affect FreeBSD? Please let me know your thoughts

I've exchanged a couple of emails with the researchers and they have
confirmed the PoC they wrote for MacOS doesn't work on FreeBSD. Further
code analysis looks like we have some bounds checking in place that
probably didn't exist in the MacOS code.

All that said, I've asked a couple of networking stack folks to take a
look at it further. I'll report if anything changes with that
assessment.

Regards,
Gordon Tetlow
FreeBSD Security Officer