From owner-freebsd-stable Wed Apr 11 21:05:06 2001
From: Mike Harding
To: Harald.Schmalzbauer@gmx.de
Cc: stable@freebsd.org
In-reply-to: <26505.987046414@www51.gmx.net> (message from Harald Schmalzbauer on Thu, 12 Apr 2001 05:33:34 +0200 (MEST))
Subject: Re: IP-Filter in release?
References: <26505.987046414@www51.gmx.net>
Message-Id: <20010412040453.94248113ADA@netcom1.netcom.com>
Date: Wed, 11 Apr 2001 21:04:53 -0700 (PDT)

I believe that Darren already fixed this in the -Stable tree - check

http://www.FreeBSD.org/cgi/cvsweb.cgi/src/sys/netinet/ip_frag.c

and see a fix committed 5 days ago.

- Mike H.

   Date: Thu, 12 Apr 2001 05:33:34 +0200 (MEST)
   From: Harald Schmalzbauer

   Hello all,

   since IP-Filter 3.4.16 has a serious security hole in its fragment
   state cache, I'd love to see 3.4.17 in 4.3-release.
   Today there was an article in a very popular German newsticker
   (http://www.heise.de/newsticker/data/ju-11.04.01-000/) that somebody
   wrote a downloadable piece of code which generates those fragmented
   packets, so attacking is made easy for everybody.

   Right now I'm testing 3.4.17 on RC from today.
   I had to replace some osreldate.h with param.h but it compiled fine
   and is running so far without problems.
   I upgraded my 4.2-stable boxes earlier and it's also running fine.

   Perhaps Darren can commit it to 4.3?

   Greetings,

   -Harry

   --
   GMX - The communications platform on the Internet.
   http://www.gmx.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message