Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Nov 2014 10:52:05 +0000
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        Craig Rodrigues <rodrigc@FreeBSD.org>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>, freebsd-arch <freebsd-arch@freebsd.org>
Subject:   Re: VIMAGE + pf security fix?
Message-ID:  <D6419901-F61B-4599-B4AA-D3E64A79C690@FreeBSD.org>
In-Reply-To: <CAG=rPVewFvRWhVAk-3_A8NS2_MbymsX1wBQbcbOfg6RgTfiw1w@mail.gmail.com>
References:  <CAG=rPVfRmoaGvcCnDdBSF6=NxEfi7=PhbQkncb6Z_WrRMZtjmQ@mail.gmail.com> <CAG=rPVewFvRWhVAk-3_A8NS2_MbymsX1wBQbcbOfg6RgTfiw1w@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On 21 Nov 2014, at 08:06 , Craig Rodrigues <rodrigc@FreeBSD.org> wrote:

> On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues =
<rodrigc@freebsd.org>
> wrote:
>=20
>> On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb <bz@freebsd.org> =
wrote:
>>=20
>>>=20
>>> For people to use pf with VIMAGE we first MUST have the security fix
>>> imported that I pointed out a couple of times in the past.
>>>=20
>>=20
>> At this link: =
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2010-3830
>>=20
>> I see the security issue mentioned, but I can't find the patch that =
fixes
>> the problem.
>> Where is the patch?
>>=20
>=20
> I read this link:
> =
http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-=
filter-local-kernel-vulnerability
>=20
> and I think this is the fix:
> =
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=3D1.23=
6&content-type=3Dtext/x-cvsweb-markup
>=20
> but I can=92t even apply that patch to our pf_ioctl.c.

to my best knowledge we have never pulled a fix for this in.  The last =
=93sync=94 of pf was way before that vulnerability (unless I completely =
missed something).

=97=20
Bjoern A. Zeeb             "Come on. Learn, goddamn it.", WarGames, 1983




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6419901-F61B-4599-B4AA-D3E64A79C690>