[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:10.ipfw
Ed Maste
emaste at freebsd.org
Tue Apr 21 22:15:44 UTC 2020
On Tue, 21 Apr 2020 at 15:29, Eugene Grosbein <eugen at grosbein.net> wrote:
>
> 21.04.2020 23:55, FreeBSD Security Advisories wrote:
> > =============================================================================
> > FreeBSD-SA-20:10.ipfw Security Advisory
> > The FreeBSD Project
> >
> > Topic: ipfw invalid mbuf handling
>
> [skip]
>
> > IV. Workaround
> >
> > No workaround is available. Systems not using the ipfw firewall are
> > not vulnerable.
>
> This is not true. The problem affects only seldom used rules matching TCP packets
> by list of TCP options (rules with "tcpoptions" keyword) and/or by TCP MSS size
> (rules with matching "tcpmss" keyword, don't mix with "tcp-setmss" action keyword).
I believe this is correct; what about this statement:
No workaround is available. Systems not using the ipfw firewall, and
systems that use the ipfw firewall but without any rules using "tcpoptions"
or "tcpmss" keywords, are not affected.
More information about the freebsd-security
mailing list