Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: FreeBSD packet filter (pf) DoS using fragments. - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
FreeBSD packet filter (pf) DoS using fragments.
FreeBSD announced a patch for a vulnerability that can trigger a kernel panic due to crafted fragments and their handling in pf(4).

Workrounds are available: do not use "scrub fragment crop" or "scrub fragment drop-ovl" in the pf.conf(5)

More information:
--
Swa Frantzen
Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!