From: Colin Percival
Date: Fri, 16 Mar 2007 09:27:42 -0700
To: Colin Percival
Cc: freebsd-security@freebsd.org
Subject: Re: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
Message-id: <45FAC57E.6050200@freebsd.org>
In-reply-to: <45F7C0CF.7020906@freebsd.org>
References: <20070314074510.GH99047@codelabs.ru> <45F7C0CF.7020906@freebsd.org>

I wrote:
> Eygene Ryabinkin wrote:
>> Just spotted the new advisory from CORE:
>> http://www.securityfocus.com/archive/1/462728/30/0/threaded
>> Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very
>> similar code.
>
> I really hope that we're not affected, especially since we didn't get
> any advance notice of this; but I've asked several of our IPv6 / network
> stack experts to investigate this.

After hearing from a KAME developers who investigated this issue, I'm
satisfied that FreeBSD is not affected.

Colin Percival