In message <53629582.9010...@delphij.net>, Xin Li <delp...@delphij.net> wrote: >On 05/01/14 07:19, Karl Pielorz wrote: >> >> >> --On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories >> <security-advisor...@freebsd.org> wrote: >> >>> II. Problem Description >>> >>> FreeBSD may add a reassemble queue entry on the stack into the >>> segment list when the reassembly queue reaches its limit. The >>> memory from the stack is undefined after the function returns. >>> Subsequent iterations of the reassembly function will attempt to >>> access this entry. >> >> Hi, >> >> Does this require an established TCP session to be present? - i.e. >> If you have a host which provides no external TCP sessions (i.e. >> replies 'Connection Refused' / drops the initial SYN) would that >> still be potentially exploitable? > >No. An established TCP session is required.
I also have a question.... If one manages a system where (a) all local user accounts are completely and 100% trustworthy and where (b) one has in place ipfw rules which reject all incoming packet *fragments* on all outward-facing interfaces, then is this security problem (relating to the reassembly queue) an issue at all for said system? Or is it rather a non-event in such contexts? Regards, rfg _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
