FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
a86476e1628aed06b3b85bb5a0723201799197b19fa72a9457265207364bde18
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed