From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:47:50 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id DCA1316A4CF; Thu, 16 Sep 2004 03:47:50 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 22503 invoked by uid 1005); 29 Aug 2003 02:32:52 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 22500 invoked from network); 29 Aug 2003 02:32:52 -0000 Received: from moutng.kundenserver.de (212.227.126.177) by pd9e39106.dip.t-dialin.net with SMTP; 29 Aug 2003 02:32:52 -0000 Received: from [212.227.126.211] (helo=mxng15.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 19sZxK-0003Da-00 for max@vampire.homelinux.org; Fri, 29 Aug 2003 05:29:46 +0200 Received: from [206.53.239.180] (helo=turing.freelists.org) by mxng15.kundenserver.de with esmtp (Exim 3.35 #1) id 19sZxH-0001ip-00 for max@love2party.net; Fri, 29 Aug 2003 05:29:43 +0200 Received: from turing (localhost [127.0.0.1])ESMTP id 0086A390A38; Thu, 28 Aug 2003 22:30:20 -0500 (EST) Received: with ECARTIS (v1.0.0; list pf4freebsd); Thu, 28 Aug 2003 22:30:15 -0500 (EST) Delivered-To: pf4freebsd@freelists.org Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177])ESMTP id 0CC92390979 for ; Thu, 28 Aug 2003 22:30:15 -0500 (EST) Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 19sZx9-0003CT-00 for pf4freebsd@freelists.org; Fri, 29 Aug 2003 05:29:35 +0200 Received: from [217.227.145.6] (helo=max900) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 19sZx8-0005uK-00 for pf4freebsd@freelists.org; Fri, 29 Aug 2003 05:29:34 +0200 Message-ID: <006101c36dde$01cb64e0$01000001@max900> From: "Max Laier" To: MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-archive-position: 116 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: max@love2party.net Precedence: normal X-list: pf4freebsd X-UID: 229 X-Length: 3158 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:52 +0000 Subject: [pf4freebsd] Possible remote DoS (panic) with scrub rules!!! X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:47:51 -0000 X-Original-Date: Fri, 29 Aug 2003 05:31:16 +0200 X-List-Received-Date: Thu, 16 Sep 2004 03:47:51 -0000 Hello, just got a HUB from Daniel regarding a possible remote DoS in pf_norm.c This might not be a problem if you do not use "scrub"-Rules. This regards all versions of pf4freebsd prior 1.63 (which was just released) and port prior 1.0_7 (just commited by "edwin"). Version 1.63 (for tarball users) can be found at: http://pf4freebsd.love2party.net/pf_freebsd_1.63.tar.gz MD5 (pf_freebsd_1.63.tar.gz) = d36bef7f8023c891572148c0d3930410 the patch for the port is commited. Please update as soon as possible. Additional information can be found at: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c (v1.75) Regards, Max