OpenBSD/FreeBSD pf issue ?
Max Laier
max at love2party.net
Mon Apr 13 13:47:08 PDT 2009
On Monday 13 April 2009 20:58:14 Mike Tancsa wrote:
> ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/013_pf.patch
>
> http://helith.net/txt/openbsd_4.3-current_pf_null_pointer_dereference_kerne
>l_panic.txt
>
>
> Not sure if this impacts FreeBSD or not ?
It looks like FreeBSD is not vulnerable to this - it seems the problem was
introduced with OpenBSD pf.c rev. 1.539 (which first appeared in OpenBSD 4.2).
Our last full import was OpenBSD 4.1 which doesn't include the vulnerability.
Please note that this a preliminary assessment - I will follow-up with a
proper version as soon as more people have looked at the situation. Feel free
to pitch in if you see remaining problems in the FreeBSD version of pf.c -
maybe off-list.
In addition it might make sense to drop this kind of packets as part of the
"scrub" process, but that is not an immediate concern at this point.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
More information about the freebsd-pf
mailing list