Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Fwd: Re: CVS commit: src/sys/netinet

Le 10/02/2018 à 23:49, David H. Gutteridge a écrit :
On Mon, 05 Feb 2018, at 13:23:11 +0000, Maxime Villard wrote:
Module Name:    src
Committed By:   maxv
Date:           Mon Feb  5 13:23:11 UTC 2018

Modified Files:
        src/sys/netinet: ip_input.c

Log Message:
Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:

        source =
        destination = public address of the server
        LSRR first address = address of a machine on the internal

And the packet will be forwarded, by the server, to the internal
in some cases even with the internal IP address of the server as a


This particular fix has been pulled up to the various 6.x and 7.x
branches, but not to 8.0_BETA. Is that still pending because it's part
of a larger planned change set?



Home | Main Index | Thread Index | Old Index