On 15 Aug 2018, at 15:25, Alexandr Krivulya wrote:
Hi, freebsd-security
Can CVE-2018-6922 be addressed by pf's fragment reassemble and
reassemble tcp options or can it potentially lead to memory overflow
(set limit frags?) when this options enabled?
No. While pf does limit the maximum number of IP fragments it’ll hold
on to, this number is large enough that it’s still possible to cause
the it to use excessive amounts of CPU time.
pf does not reassemble tcp segments, so it won’t protect you agains
that variant of the attack. The good news there is that it is not itself
vulnerable to it (for the same reason).
I’m looking into limiting the number of fragments per packet to ensure
there can’t be excessive CPU use, but that’s not ready to be
committed yet.
—
Kristof
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
