Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

Board: FB_security | Time: 2014/05/02 03:01 | Thread: 8/21
On 05/01/14 07:19, Karl Pielorz wrote:
>
>
> --On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories
> <security-advisories@freebsd.org> wrote:
>
>> II. Problem Description
>>
>> FreeBSD may add a reassemble queue entry on the stack into the
>> segment list when the reassembly queue reaches its limit. The
>> memory from the stack is undefined after the function returns.
>> Subsequent iterations of the reassembly function will attempt to
>> access this entry.
>
> Hi,
>
> Does this require an established TCP session to be present? - i.e.
> If you have a host which provides no external TCP sessions (i.e.
> replies 'Connection Refused' / drops the initial SYN) would that
> still be potentially exploitable?

No. An established TCP session is required.

> What about boxes used as routers - that just forward the traffic
> (and again, offer no TCP services directly themselves)?

Routers themselves are not affected assuming that they merely forward
the traffic.

Cheers,
-- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!   Live free or die
Article ID (AID): #1JOfdkzl (FB_security)
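A simplified model of the bug class in the quoted Problem Description, added here as an example: it is not FreeBSD's tcp_reass() code and not part of the original message. All names (struct seg, struct reass_q, reass_input) are hypothetical, and the model assumes a segment is either consumed in order or queued whole.

```c
#include <stdlib.h>

/* Hypothetical, simplified model of a bounded reassembly queue.
 * It illustrates the bug class only; it is not FreeBSD's tcp_reass(). */
enum { DELIVERED, QUEUED, DROPPED };

struct seg { unsigned seq; struct seg *next; };
struct reass_q { struct seg *head; int len, limit; unsigned next_seq; };

/* Handle one arriving segment; returns DELIVERED, QUEUED or DROPPED. */
int reass_input(struct reass_q *q, unsigned seq)
{
    struct seg tmp;          /* stack entry: valid only until we return */
    struct seg *e;

    if (q->len >= q->limit) {
        e = &tmp;            /* at the limit: no heap entry, use the stack */
    } else if ((e = malloc(sizeof(*e))) == NULL) {
        return DROPPED;
    }
    e->seq = seq;
    e->next = NULL;

    if (seq == q->next_seq) {
        /* In order: consumed immediately, so a stack entry is safe here. */
        q->next_seq++;
        if (e != &tmp)
            free(e);
        return DELIVERED;
    }

    /* Out of order: the entry must outlive this call. The guard below is
     * the hardening. Without it, &tmp would be linked into the list and
     * later calls would walk a pointer into a dead stack frame. */
    if (e == &tmp)
        return DROPPED;

    e->next = q->head;       /* heap entry: safe to keep on the list */
    q->head = e;
    q->len++;
    return QUEUED;
}
```

The invariant to check in review is that every pointer linked into a list that outlives the function refers to heap (or otherwise long-lived) storage, on every path, including the resource-limit path.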