From owner-freebsd-ipfw@FreeBSD.ORG Wed Apr 14 04:27:23 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7393616A4CE for ; Wed, 14 Apr 2004 04:27:23 -0700 (PDT) Received: from smtp3.euronet.nl (smtp3.euronet.nl [194.134.35.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3250043D39 for ; Wed, 14 Apr 2004 04:27:23 -0700 (PDT) (envelope-from dodell@offmyserver.com) Received: from offmyserver.com (zp-c-13e65.mxs.adsl.euronet.nl [81.69.92.101]) by smtp3.euronet.nl (Postfix) with ESMTP id 109323A03E; Wed, 14 Apr 2004 13:27:22 +0200 (MEST) Message-ID: <407D1F3A.6070607@offmyserver.com> Date: Wed, 14 Apr 2004 13:23:38 +0200 From: "Devon H. O'Dell" User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207) X-Accept-Language: en-us, en MIME-Version: 1.0 To: sd@buc.com.ua References: <200403171648.i2HGmWwS015144@freefall.freebsd.org> <407D1E4F.4000500@buc.com.ua> In-Reply-To: <407D1E4F.4000500@buc.com.ua> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW ECE Firewall Bypassing Exploit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Apr 2004 11:27:23 -0000 Dmitry Surovtsev wrote: > securiteam news (http://www.securiteam.com/exploits/5CP0B0UCKU.html): > > A vulnerability in FreeBSD's implementation of packet filtering for IPv4 > and IPv6 has been found. The vulnerability allows specially crafted > packets that are not part of an established connection to go through the > firewall. These special packets must have the ECE flag set, which is in > the TCP reserved options field. > > [snip] Hello Dmitry, This bug was fixed circa three years ago. Please see the date on the exploit. Kind regards, Devon H. O'Dell