Date:      Wed, 22 Oct 2025 13:22:53 -0400
From:      mike tancsa <mike@sentex.net>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-25:09.netinet
Message-ID:  <f2b3b287-29a0-45ac-93f7-ff8cd44d27dc@sentex.net>
In-Reply-To: <20251022170300.A62D31EBD@freefall.freebsd.org>
References:  <20251022170300.A62D31EBD@freefall.freebsd.org>


On 10/22/2025 1:03 PM, FreeBSD Security Advisories wrote:
> III. Impact
>
> Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host
> will not observe any problems.  However, due to its membership in a
> load-balancing group, that socket will receive packets originating from any
> host.  This breaks the contract of the connect(2) and implied connect via
> sendto(2), and may leave the application vulnerable to spoofing attacks.
>
Trying to better understand the impact of this bug. Am I right to read 
that an attacker needs local access first?  What would the common apps 
be that would be at issue?  Looks like unbound is one. I don't see 
apache24 reference SO_REUSEPORT_LB.

e.g.

1{r-14mfitest}# pwd
/usr/ports/www/apache24
0{r-14mfitest}# make extract
0{r-14mfitest}# find . -type f | xargs grep SO_REUSEPORT_LB
1{r-14mfitest}#

Would it be vulnerable in a dependent lib perhaps?

     ---Mike
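
Added example, not part of the original message or the advisory: an application-side check in C that compares each datagram's source with the address the program passed to connect(2), rather than relying on the kernel to filter, which is the contract the quoted Impact paragraph says is broken. The names `same_peer`, `recv_checked` and `demo` are hypothetical, the check is narrowed to IPv4, and the demo uses an unconnected loopback socket to stand in for the delivery behaviour the advisory describes.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if both IPv4 endpoints have the same address and port, else 0. */
static int same_peer(const struct sockaddr_in *a, const struct sockaddr_in *b)
{
    return a->sin_family == AF_INET && b->sin_family == AF_INET &&
           a->sin_port == b->sin_port &&
           a->sin_addr.s_addr == b->sin_addr.s_addr;
}

/* Read one datagram; return its length only if its source is *peer, the address
 * passed to connect(2). Returns -1 on error, -2 if from elsewhere (dropped). */
ssize_t recv_checked(int s, const struct sockaddr_in *peer, void *buf, size_t len)
{
    struct sockaddr_in src;
    socklen_t slen = sizeof(src);
    ssize_t n = recvfrom(s, buf, len, 0, (struct sockaddr *)&src, &slen);
    if (n == -1)
        return -1;
    return same_peer(peer, &src) ? n : -2;
}

/* Constructed loopback demo. rx is left unconnected to stand in for the
 * delivery behaviour the advisory describes. Returns 1 if the stray datagram
 * is rejected and the expected peer's datagram is accepted. */
int demo(void)
{
    struct sockaddr_in lo = { .sin_family = AF_INET }, rxa, pa;
    socklen_t rl = sizeof(rxa), pl = sizeof(pa);
    char buf[16];
    int rx = socket(AF_INET, SOCK_DGRAM, 0), peer = socket(AF_INET, SOCK_DGRAM, 0);
    int other = socket(AF_INET, SOCK_DGRAM, 0), ok = 0;

    lo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (bind(rx, (struct sockaddr *)&lo, sizeof(lo)) == 0 &&
        bind(peer, (struct sockaddr *)&lo, sizeof(lo)) == 0 &&
        getsockname(rx, (struct sockaddr *)&rxa, &rl) == 0 &&
        getsockname(peer, (struct sockaddr *)&pa, &pl) == 0 &&
        sendto(other, "stray", 5, 0, (struct sockaddr *)&rxa, sizeof(rxa)) == 5 &&
        sendto(peer, "reply", 5, 0, (struct sockaddr *)&rxa, sizeof(rxa)) == 5)
        ok = recv_checked(rx, &pa, buf, sizeof(buf)) == -2 &&
             recv_checked(rx, &pa, buf, sizeof(buf)) == 5;
    close(rx); close(peer); close(other);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```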




