Date: Wed, 14 Apr 2004 13:23:38 +0200 From: "Devon H. O'Dell" <dodell@offmyserver.com> To: sd@buc.com.ua Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW ECE Firewall Bypassing Exploit Message-ID: <407D1F3A.6070607@offmyserver.com> In-Reply-To: <407D1E4F.4000500@buc.com.ua> References: <200403171648.i2HGmWwS015144@freefall.freebsd.org> <407D1E4F.4000500@buc.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Dmitry Surovtsev wrote: > securiteam news (http://www.securiteam.com/exploits/5CP0B0UCKU.html): > > A vulnerability in FreeBSD's implementation of packet filtering for IPv4 > and IPv6 has been found. The vulnerability allows specially crafted > packets that are not part of an established connection to go through the > firewall. These special packets must have the ECE flag set, which is in > the TCP reserved options field. > > [snip] Hello Dmitry, This bug was fixed circa three years ago. Please see the date on the exploit. Kind regards, Devon H. O'Dell
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?407D1F3A.6070607>