--On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories
<[email protected]> wrote:
II. Problem Description
FreeBSD may add a reassemble queue entry on the stack into the segment
list when the reassembly queue reaches its limit. The memory from the
stack is undefined after the function returns. Subsequent iterations of
the reassembly function will attempt to access this entry.
Hi,
Does this require an established TCP session to be present? - i.e. If you
have a host which provides no external TCP sessions (i.e. replies
'Connection Refused' / drops the initial SYN) would that still be
potentially exploitable?
What about boxes used as routers - that just forward the traffic (and
again, offer no TCP services directly themselves)?
-Karl
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
