Date: Tue, 1 Aug 2000 19:38:58 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: security@freebsd.org Subject: Ip packet filtering with bridging on freebsd (fwd) Message-ID: <Pine.BSF.4.21.0008011932420.36719-100000@achilles.silby.com>
next in thread | raw e-mail | index | archive | help
AFAIK, you found the bug(s), know what they are, know how to fix them, and have commit access, Darren. So why did you take the script-kiddie route and mail bugtraq before any hint of a patch appeared? Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Tue, 1 Aug 2000 07:14:50 +1000 From: Darren Reed <avalon@COOMBS.ANU.EDU.AU> To: BUGTRAQ@SECURITYFOCUS.COM Subject: Ip packet filtering with bridging on freebsd If someone is doing packet filtering using ipfw to do packet filtering with a FreeBSD box configured to do bridging, it is relatively easy to make the box go "boom" as none of the standard header sanity checks are done prior to the filter routine being called (check /sys/net/bridge.c) It is a feature "copied" from OpenBSD but somehow large amounts of code were not copied and bugs resulted. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008011932420.36719-100000>