From: Dmitry Surovtsev
Date: Wed, 14 Apr 2004 16:08:48 +0000
To: "Devon H. O'Dell"
cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW ECE Firewall Bypassing Exploit

Thanks, that's right, ouhh ;-) I do not know why securiteam.com/ dated it _14 Apr 2004_.

Devon H. O'Dell wrote:

> Dmitry Surovtsev wrote:
>
>> securiteam news (http://www.securiteam.com/exploits/5CP0B0UCKU.html):
>>
>> A vulnerability in FreeBSD's implementation of packet filtering for IPv4
>> and IPv6 has been found. The vulnerability allows specially crafted
>> packets that are not part of an established connection to go through the
>> firewall. These special packets must have the ECE flag set, which is in
>> the TCP reserved options field.
>>
>> [snip]
>
>
> Hello Dmitry,
>
> This bug was fixed circa three years ago. Please see the date on the
> exploit.
>
> Kind regards,
>
> Devon H. O'Dell