Date:      Thu, 16 Aug 2018 13:58:07 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Alexandr Krivulya" <shuriku@shurik.kiev.ua>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-18:08.tcp
Message-ID:  <5BB8F247-B799-4839-9E0E-E331B8EA85DB@FreeBSD.org>
In-Reply-To: <306fd368-1093-ace2-7075-a9c6d2bf6860@shurik.kiev.ua>
References:  <20180815054732.9D8C61C2C8@freefall.freebsd.org> <306fd368-1093-ace2-7075-a9c6d2bf6860@shurik.kiev.ua>

On 15 Aug 2018, at 15:25, Alexandr Krivulya wrote:
> Hi, freebsd-security
>
> Can CVE-2018-6922 be addressed by pf's fragment reassemble and
> reassemble tcp options or can it potentially lead to memory overflow
> (set limit frags?) when these options are enabled?
>
No. While pf does limit the maximum number of IP fragments it’ll hold 
on to, this number is large enough that it’s still possible to cause 
it to use excessive amounts of CPU time.

pf does not reassemble tcp segments, so it won’t protect you against
that variant of the attack. The good news there is that it is not itself 
vulnerable to it (for the same reason).

I’m looking into limiting the number of fragments per packet to ensure 
there can’t be excessive CPU use, but that’s not ready to be 
committed yet.

—
Kristof

