[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:10.ipfw
Eugene Grosbein
eugen at grosbein.net
Tue Apr 21 19:29:06 UTC 2020
21.04.2020 23:55, FreeBSD Security Advisories wrote:
> =============================================================================
> FreeBSD-SA-20:10.ipfw Security Advisory
> The FreeBSD Project
>
> Topic: ipfw invalid mbuf handling
[skip]
> IV. Workaround
>
> No workaround is available. Systems not using the ipfw firewall are
> not vulnerable.
This is not true. The problem affects only seldom used rules matching TCP packets
by list of TCP options (rules with "tcpoptions" keyword) and/or by TCP MSS size
(rules with matching "tcpmss" keyword, don't mix with "tcp-setmss" action keyword).
Systems not using "tcpoptions" nor "tcpmss" keywords to match TCP packets are not affected.
For example, system using any of default templates (open/client/simple/closed/workstation) are not affected.
Please consider re-checking this and adjusting the Advisory.
More information about the freebsd-security
mailing list