misc/165939: [security bug] incomplete firewall rules loaded if tables are used in ipfw.conf
Radim Kolar
hsn at sendmail.cz
Sun Mar 11 19:10:14 UTC 2012
>Number: 165939
>Category: misc
>Synopsis: [security bug] incomplete firewall rules loaded if tables are used in ipfw.conf
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 11 19:10:14 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Radim Kolar
>Release: 8.2 amd64
>Organization:
FILEZ.com
>Environment:
>Description:
If the user has tables in /etc/ipfw.conf, for example:
table 1 add 64.6.108.239
then a firewall restart:
/etc/rc.d/ipfw start
fails with:
Line 8: setsockopt(IP_FW_TABLE_ADD): File exists
Firewall rules loaded.
and an incomplete ruleset is loaded. This is a serious security problem.
>How-To-Repeat:
>Fix:
In /etc/rc.firewall, after ${fwcmd} -f flush,
you need to flush the tables too, with the command:
ipfw table all flush
>Release-Note:
>Audit-Trail:
>Unformatted:
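As an added illustration of the fix proposed above (this is example code, not the PR's text or FreeBSD's own /etc/rc.firewall), a loader that flushes rules and then tables before reading the ruleset, plus a check that an rc.firewall copy actually carries the extra flush. The function names load_ruleset and rc_flushes_tables are assumed; the ipfw command is passed in so a stub can stand in for ipfw(8) on a non-FreeBSD machine.

```sh
#!/bin/sh
# Example, not code from the PR or from FreeBSD's rc.firewall.
# Usage: load_ruleset /sbin/ipfw /etc/ipfw.conf
#        rc_flushes_tables /etc/rc.firewall && echo "table flush present"

# Load an ipfw.conf-style file: flush the rules, then the tables, then load.
# Without the table flush a restart re-runs "table N add" against entries
# that still exist, ipfw fails at that line with "File exists", and the
# rest of the file is not loaded even though rc prints "Firewall rules
# loaded." Each step returns on failure so a partial load is not silent.
load_ruleset() {
    fwcmd=$1
    rules=$2
    "$fwcmd" -f flush || return 1
    "$fwcmd" table all flush || return 1
    "$fwcmd" "$rules" || return 1
}

# Audit an rc.firewall: is there a "table all flush" after the "-f flush"?
# Exit status 0 means the script carries the fix, 1 means it does not.
rc_flushes_tables() {
    awk '
        /-f[ \t]+flush/                 { seen_flush = 1 }
        seen_flush && /table all flush/ { ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "$1"
}
```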