Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
--On 1 May 2014 11:42:10 -0700 Xin Li <delphij@delphij.net> wrote:
>> Does this require an established TCP session to be present? - i.e.
>> If you have a host which provides no external TCP sessions (i.e.
>> replies 'Connection Refused' / drops the initial SYN) would that
>> still be potentially exploitable?
>
> No. An established TCP session is required.
>
>> What about boxes used as routers - that just forward the traffic
>> (and again, offer no TCP services directly themselves)?
>
> Routers themselves are not affected assuming that they merely forwards
> the traffic.
That's great - thanks for clarifying... We have a number of boxes that you
can't (from the Internet) get a TCP session to, whilst they will still have
to be patched [to protect them from our 'admin' networks] - we can use that
mitigation to schedule a better patch install / reboot schedule,
Regards,
-Karl
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 8 之 21 篇):