Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
In message <53629582.9010605@delphij.net>, Xin Li <delphij@delphij.net> wrote:
>On 05/01/14 07:19, Karl Pielorz wrote:
>>
>>
>> --On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories
>> <security-advisories@freebsd.org> wrote:
>>
>>> II. Problem Description
>>>
>>> FreeBSD may add a reassemble queue entry on the stack into the
>>> segment list when the reassembly queue reaches its limit. The
>>> memory from the stack is undefined after the function returns.
>>> Subsequent iterations of the reassembly function will attempt to
>>> access this entry.
>>
>> Hi,
>>
>> Does this require an established TCP session to be present? - i.e.
>> If you have a host which provides no external TCP sessions (i.e.
>> replies 'Connection Refused' / drops the initial SYN) would that
>> still be potentially exploitable?
>
>No. An established TCP session is required.
I also have a question....
If one manages a system where (a) all local user accounts are completely
and 100% trustworthy and where (b) one has in place ipfw rules which reject
all incoming packet *fragments* on all outward-facing interfaces, then is
this security problem (relating to the reassembly queue) an issue at all
for said system? Or is it rather a non-event in such contexts?
Regards,
rfg
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 10 之 21 篇):