FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
Karl Pielorz
kpielorz_lst at tdx.co.uk
Thu May 1 18:51:44 UTC 2014
--On 1 May 2014 11:42:10 -0700 Xin Li <delphij at delphij.net> wrote:
>> Does this require an established TCP session to be present? - i.e.
>> If you have a host which provides no external TCP sessions (i.e.
>> replies 'Connection Refused' / drops the initial SYN) would that
>> still be potentially exploitable?
>
> No. An established TCP session is required.
>
>> What about boxes used as routers - that just forward the traffic
>> (and again, offer no TCP services directly themselves)?
>
> Routers themselves are not affected assuming that they merely forward
> the traffic.
That's great - thanks for clarifying... We have a number of boxes that you
can't (from the Internet) get a TCP session to, whilst they will still have
to be patched [to protect them from our 'admin' networks] - we can use that
mitigation to schedule a better patch install / reboot schedule.
Regards,
-Karl