mbuf vulnerability
Sheldon Hearn
sheldonh at starjuice.net
Mon Mar 1 02:36:28 PST 2004
On (2004/02/29 19:03), Mike Silbersack wrote:
> > http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903
> >
> > it seems RELENG_4 is vulnerable. Is there any work around to a system that
> > has to have ports open ?
>
> There is no way to fix this issue without kernel modifications. A fix has
> been committed to -current, someone on the security team can probably
> provide information on when the MFC will be appearing.
Owch.
The advisory says the DoS works by sending many out-of-sequence packets.
Do you know how out-of-sequence do the packets have to be? I ask
because if they have to be significantly staggered, then my IPFilter
firewall might offer me some protection and I can start breathing again.
Ciao,
Sheldon.
More information about the freebsd-security
mailing list