Date: Wed, 14 Apr 2004 16:08:48 +0000 From: Dmitry Surovtsev <sd@buc.com.ua> To: "Devon H. O'Dell" <dodell@offmyserver.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW ECE Firewall Bypassing Exploit Message-ID: <407D6210.1070202@buc.com.ua> References: <200403171648.i2HGmWwS015144@freefall.freebsd.org> <407D1E4F.4000500@buc.com.ua> <407D1F3A.6070607@offmyserver.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, that's right, ouhh ;-) i do not know why securiteam.com/ dated it _14 Apr 2004_. Devon H. O'Dell wrote: > Dmitry Surovtsev wrote: > >> securiteam news (http://www.securiteam.com/exploits/5CP0B0UCKU.html): >> >> A vulnerability in FreeBSD's implementation of packet filtering for IPv4 >> and IPv6 has been found. The vulnerability allows specially crafted >> packets that are not part of an established connection to go through the >> firewall. These special packets must have the ECE flag set, which is in >> the TCP reserved options field. >> >> [snip] > > > Hello Dmitry, > > This bug was fixed circa three years ago. Please see the date on the > exploit. > > Kind regards, > > Devon H. O'Dell > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?407D6210.1070202>