Fwd: [FreeBSD-Announce] FreeBSD Security Advisory
FreeBSD-SA-05:15.tcp
Simon L. Nielsen
simon at FreeBSD.org
Fri Jul 1 11:15:10 GMT 2005
On 2005.07.01 13:01:05 +0200, Daniel Hartmeier wrote:
> On Thu, Jun 30, 2005 at 09:32:27AM -0500, BB wrote:
>
> > I assume without upgrading the mighty pf would handle this ?
>
> Yes.
>
> The unpatched vulnerability can be exploited (to stall a connection) by
> spoofing only four (4) small packets, by choosing random sequence and
> timestamp values and their integer opposites[1]. Hence, exploiting it is
> relatively cheap, quick, and reliable.
Note that there is also another vulnerability (addressed in the same
advisory) here where there FreeBSD TCP stack accepted a SYN packet for
an established connection.
I would assume that pf's packet scrubbing would handle that and not
let a SYN packet through for an established connection?
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20050701/1323cc09/attachment.bin
More information about the freebsd-pf
mailing list