Date: Thu, 01 May 2014 11:42:10 -0700 From: Xin Li <delphij@delphij.net> To: Karl Pielorz <kpielorz_lst@tdx.co.uk>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp Message-ID: <53629582.9010605@delphij.net> In-Reply-To: <7A880FB5C3D1DA39692881FE@study64.tdx.co.uk> References: <201404300435.s3U4ZAw1093717@freefall.freebsd.org> <7A880FB5C3D1DA39692881FE@study64.tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/01/14 07:19, Karl Pielorz wrote: > > > --On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories > <security-advisories@freebsd.org> wrote: > >> II. Problem Description >> >> FreeBSD may add a reassemble queue entry on the stack into the >> segment list when the reassembly queue reaches its limit. The >> memory from the stack is undefined after the function returns. >> Subsequent iterations of the reassembly function will attempt to >> access this entry. > > Hi, > > Does this require an established TCP session to be present? - i.e. > If you have a host which provides no external TCP sessions (i.e. > replies 'Connection Refused' / drops the initial SYN) would that > still be potentially exploitable? No. An established TCP session is required. > What about boxes used as routers - that just forward the traffic > (and again, offer no TCP services directly themselves)? Routers themselves are not affected assuming that they merely forwards the traffic. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTYpWCAAoJEJW2GBstM+nsSMYQAJqAv/LFJx8dJ7KEAoVWS2k2 MGt4pPE4yB49C2YWOdsq4qFAl77aAsOeLiO5aKrceqVpe4UOQjXjH3t7yPCTIVh7 CH28ujJgVNYsxcxaaB4puHPEzmtjzovjHbpH2WcNky7+ICjL/cjHWWRdTQ4h80i9 c4vRJOQGkkbRkLBtGyRFLa1NQ+KNYyANWo9bH60RUqm+sBr1VJFGeuxr16CDrPSp 9doTPjwf8NvOtX/BQaWJWFMoGiaVMrRvk6Cx8S4ScBdfiD/v/i/vHYNuVfy85Mbb TJA1ozRk6kI3iHf9Spx5GC4FX1yjzU8m4BFW8n/wqVG+AaeGO4VFFrdo7g1iKqzY bKWWIfBgRT9GlqJoY2DUvHRWKYugJnAWCAgreqJuYPCwo2H3SobwR4Pg9KQcCcUk aeEdLGgUiorxL3uChepXlQ01NgV4s66Czrmiu/8Bw+s8MQzjCNoonxW6+XQXE2g6 fnvPnV4l6RFLzxNwsoIzf/sHYHqtNRq5IAEX3C5BbJ7uDsbeJYTdI5eh1jwIUlCp 8tvFdlbgZOoiPHmIEa4ltorS7fR5rSFLCHekyTFddFuIbosarmZ3psf3tBr35EGE T3R4VYImwz1+Ae/80DsY0XlIMsPKdb4HQKVoGYq55ZOwk+r0ll9EQe9dsO1ZeY+f EcNdqzkX/YVrK7vgxD7h =WHGC -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53629582.9010605>