OpenBSD/FreeBSD pf issue ?

Max Laier max at
Mon Apr 13 13:47:08 PDT 2009

On Monday 13 April 2009 20:58:14 Mike Tancsa wrote:
> Not sure if this impacts FreeBSD or not ?

It looks like FreeBSD is not vulnerable to this - it seems the problem was 
introduced with OpenBSD pf.c rev. 1.539 (which first appeared in OpenBSD 4.2).  
Our last full import was OpenBSD 4.1 which doesn't include the vulnerability.

Please note that this a preliminary assessment - I will follow-up with a 
proper version as soon as more people have looked at the situation.  Feel free 
to pitch in if you see remaining problems in the FreeBSD version of pf.c - 
maybe off-list.

In addition it might make sense to drop this kind of packets as part of the 
"scrub" process, but that is not an immediate concern at this point.

/"\  Best regards,                      | mlaier at
\ /  Max Laier                          | ICQ #67774661
 X  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

More information about the freebsd-pf mailing list