mbuf vulnerability
Darren Reed
avalon at caligula.anu.edu.au
Tue Mar 2 10:08:09 PST 2004
In some mail from Mike Silbersack, sie said:
> On Wed, 3 Mar 2004, Darren Reed wrote:
> > Uh, what did you test and what did you test with ?
>
> FreeBSD 4.9 with ipf.
>
> > "strict" requires that the sequence number in packet n should match
> > what that sequence number of the last byte in packet n-1 - i.e. no
> > out of order delivery is permitted.
> >
> > Darren
>
> strict isn't in the ipf manpage, and ipf complains when I try using it.
>
> I did some more google searching which implies that "strict" is available
> in ipfilter 4.x, not the 3.x series that ships with FreeBSD.
Right, so your comment about it "not working" applies to 3.x (which
is what comes with freebsd, currently), which is what i was hoping :)
My comment was to say that with ipf4, you can address this problem.
darren
More information about the freebsd-security
mailing list