kern/94599: MAC (Mandatory Access Control) and IPSEC can not coexist
Zhouyi Zhou
zhouyi04 at ios.cn
Fri Mar 17 10:10:16 UTC 2006
>Number: 94599
>Category: kern
>Synopsis: MAC (Mandatory Access Control) and IPSEC can not coexist
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 17 10:10:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Zhouyi Zhou
>Release: FreeBSD 6.0 and FreeBSD 5.4 both
>Organization:
Institute of Software, Chinese Academy of Sciences
>Environment:
FreeBSD zzy.ios 6.0-RELEASE FreeBSD 6.0-RELEASE #13: Fri Mar 17 17:11:04 UTC 2006 root at zzy.ios:/root/Earth/earth/sys/i386/compile/earth i386
>Description:
Once you set up your machine with both MAC/MLS and IPSEC support. Then your
connect from a TCP client from one machine to a TCP server on another machine,
the TCP server will crack.
The reason is somethings has modified the mags that used to store the MAC information.
>How-To-Repeat:
Once you set up your machine with both MAC/MLS and IPSEC support. Then your
connect from a TCP client from one machine to a TCP server on another machine,
the TCP server will crack.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list