kern/73276: ipfw2 vulnerability (parser error)
Alexey V. Tolstenok <alex at antar.bryansk.ru>
alex at antar.bryansk.ru
Fri Oct 29 04:10:15 PDT 2004
>Number: 73276
>Category: kern
>Synopsis: ipfw2 vulnerability (parser error)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 29 11:10:15 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Alexey V. Tolstenok <alex at antar.bryansk.ru>
>Release: FreeBSD 5.3-RC1 i386
>Organization:
Sviaz-Service-Internet
>Environment:
System: FreeBSD 5.3-RC1 #0: Sat Oct 23 21:45:36 GMT 2004
alex@:/usr/obj/usr/src/sys/KERNEL
>Description:
ipfw parser accepts any number of escaped closing parenthesis despite of number of opening ones
>How-To-Repeat:
Just type such string in shell prompt:
ipfw add 100 allow ip from 192.168.0.0/24\{1,2\}\}\}\}\}\}\}\}\}\} to any
>Fix:
Unknown to me
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list