[16034] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Ip packet filtering with bridging on freebsd

daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Aug 1 17:11:38 2000

MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID:  <200007312114.HAA29256@cairo.anu.edu.au>
Date:         Tue, 1 Aug 2000 07:14:50 +1000
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM

If someone is doing packet filtering using ipfw to do packet filtering
with a FreeBSD box configured to do bridging, it is relatively easy to
make the box go "boom" as none of the standard header sanity checks
are done prior to the filter routine being called (check /sys/net/bridge.c)
It is a feature "copied" from OpenBSD but somehow large amounts of code
were not copied and bugs resulted.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16034] in bugtraq

Ip packet filtering with bridging on freebsd

daemon@ATHENA.MIT.EDU (Darren Reed)Tue Aug 1 17:11:38 2000

daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Aug 1 17:11:38 2000