Subject: ipfilter security issue
To: None <tech-security@netbsd.org>
From: Janne Snabb <snabb@ssh.com>
List: tech-security
Date: 04/27/2001 00:19:23
Hi,
Recently a serious bug was found in the ipfilter fragment cache code.
FreeBSD etc. have issued an advisory and a patch a long time ago,
but I haven't seen anything related to NetBSD. No advisory, no patch,
no comments whatsoever.
I would like to ask, if someone could confirm this:
- is NetBSD not vulnerable for some reason?
- are there plans to issue advisories or patches?
- are there plans to upgrade NetBSD-current to non-vulnerable
version of ipfilter (which is developed independetly of NetBSD)?
This might cause some headaches to anyone who is using NetBSD as an IP
filtering firewall solution.
--
Janne Snabb
snabb@ssh.com