Date: Wed, 06 Dec 2023 12:37:01 -0500
From: "Dan Langille"
To: "Philip Paeps", ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05

On Tue, Dec 5, 2023, at 6:04 PM, Philip Paeps wrote:
> The branch main has been updated by philip:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=a580d36be4c7a18862a6a110e8bc2ba14e695125
>
> commit a580d36be4c7a18862a6a110e8bc2ba14e695125
> Author: Philip Paeps
> AuthorDate: 2023-12-05 23:01:20 +0000
> Commit: Philip Paeps
> CommitDate: 2023-12-05 23:01:20 +0000
>
> security/vuxml: add FreeBSD SA released on 2023-12-05
>
> FreeBSD-SA-23:17.pf affects all supported releases (12.4, 13.2, 14.0).
> ---
> security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 41 insertions(+)
>
> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
> index c484528898f7..6516a6a58f8a 100644
> --- a/security/vuxml/vuln/2023.xml
> +++ b/security/vuxml/vuln/2023.xml
> @@ -1,3 +1,44 @@ > + > + FreeBSD -- TCP spoofing vulnerability in pf(4) > + > + > + FreeBSD-kernel > + 14.014.0_2 > + 13.213.2_7

Houston, we have a problem.

[17:31 r730-03 dvl ~] % freebsd-version -ukr
13.2-RELEASE-p4
13.2-RELEASE-p4
13.2-RELEASE-p7

[17:35 r730-03 dvl ~] % /usr/local/etc/periodic/security/405.pkg-base-audit
Checking for security vulnerabilities in base (userland & kernel):
Host system:
Database fetched: 2023-12-06T07:45+00:00
FreeBSD-kernel-13.2_4 is vulnerable:
  FreeBSD -- TCP spoofing vulnerability in pf(4)
  CVE: CVE-2023-6534
  WWW: https://vuxml.FreeBSD.org/freebsd/9cbbc506-93c1-11ee-8e38-002590c1f29c.html

1 problem(s) in 1 installed package(s) found.
0 problem(s) in 0 installed package(s) found.
...

I hope to avoid a situation where false positives continue until the user land and kernel are on the patch levels.

> + 12.412.4_9 > + > + > + > +

Problem Description:

> +

As part of its stateful TCP connection tracking implementation, > + pf performs sequence number validation on inbound packets. This > + makes it difficult for a would-be attacker to spoof the sender and > + inject packets into a TCP stream, since crafted packets must contain > + sequence numbers which match the current connection state to avoid > + being rejected by the firewall.

> +

A bug in the implementation of sequence number validation means > + that the sequence number is not in fact validated, allowing an > + attacker who is able to impersonate the remote host and guess the > + connection's port numbers to inject packets into the TCP stream.

> +

Impact:

> +

An attacker can, with relatively little effort, inject packets > + into a TCP stream destined to a host behind a pf firewall. This > + could be used to implement a denial-of-service attack for hosts > + behind the firewall, for example by sending TCP RST packets to the > + host.

> + > +
> + > + CVE-2023-6534 > + SA-23:17.pf > + > + > + 2023-12-05 > + 2023-12-05 > + > +
> + > > varnish -- HTTP/2 Rapid Reset Attack >

-- 
Dan Langille
dan@langille.org
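
Review bot: the upper bounds given for the FreeBSD-kernel package near the top of the hunk (14.0_2, 13.2_7, 12.4_9) only clear a host once its reported kernel patch level reaches them, and the session quoted in this reply shows that this does not follow from installing the update: freebsd-version -ukr prints 13.2-RELEASE-p4 twice and 13.2-RELEASE-p7 once, and the base audit still flags FreeBSD-kernel-13.2_4. Confirm which kernel patch level a system reports once the SA-23:17.pf fix is installed and set the FreeBSD-kernel bounds to match, or say in the entry how a patched system should be verified. The XML element names are not visible in this rendering, so reading each pair of values as a lower and an upper bound is inferred from the values themselves.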