Date: Fri, 26 Jan 2001 17:36:33 +0100
From: Martin Ibert <mib@asdis.de>
To: freebsd-security@freebsd.org
Subject: Another problem with the ipfw patch - even bigger hole in the firewall on 4.0R (was: Re: ipfw security patch problem..)
Message-ID: <5.0.0.25.1.20010126173443.02d9e1e8@pop3.itp.asdis.de>

[Sorry Justin! I forgot to Cc: the list when I replied to your mail, so you
now have it twice. :-( ]

At 08:00 26.01.2001 +0200, you wrote:
>I upgraded my ipfw yesterday on my 4.0-STABLE system with the patch by
>following the instructions to the letter for the security bug discovered
>by Aragon Gouveia, and compile and install appeared to go seamlessly.

We also tried to patch a 4.0-RELEASE system. We worked according to the
step-by-step instructions provided in the advisory. Some patches were
rejected and had to be done by hand, but apart from that, no major problems
were discovered during build and install.

However, the resulting combination of kernel and ipfw tool did not work! It
appears that the firewall took EVERY tcp packet to be part of an
"established" connection and happily passed setup packets in and out.

We quickly retraced our steps and reverted the system to its pre-patched state.

Did anyone experience the same problems as we did? And does anyone have a
solution (short of upgrading to 4.2-RELEASE or better?)

-- 
---------------------------------------------------------------
Dipl.-Inform. Martin Ibert - phone: +49-30-20631-607, fax: -199
- ASDIS Software AG, Neue Grünstraße 25, D-10179 Berlin-Mitte -
---------------- http://www.asdis.de/ -- mailto:mib@asdis.de --

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message