OpenBSD PF IP Fragment Remote Denial Of Service

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD PF IP Fragment Remote Denial Of Service

Subcommander l0r3zz
This came across security focus and I haven't seen it mentioned here.
THey claim 3.8 is vulnerable, anybody know anything?

l0r3zz




06.4.12 CVE: CVE-2006-0381
Platform: BSD
Title: OpenBSD PF IP Fragment Remote Denial Of Service
Description: PF is a packet filtering package that is integrated into
the operating system's kernel. OpenBSD's PF is susceptible to a remote

denial of service vulnerability. This issue is due to a flaw in
affected kernels that results in a kernel crash when attempting to
normalize IP fragments. For a list of vulnerable versions, see the
reference below.

Ref: http://www.securityfocus.com/bid/16375

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD PF IP Fragment Remote Denial Of Service

Dries Schellekens
Subcommander l0r3zz wrote:

> This came across security focus and I haven't seen it mentioned here.
> THey claim 3.8 is vulnerable, anybody know anything?

This has been fixed in -current, 3.8-stable and 3.7-stable.

This crash only works if you have 'scrub fragment crop' or 'scrub
fragment drop-ovl' in your pf rules. Not a lot of people use this option
so there is no patch on errata.hml


Cheers,

Dries

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD PF IP Fragment Remote Denial Of Service

mk-11
Hello everybody

I undersatnd that this issue doesn't affect many people even though I'd like
to know about the problem.
Is there any mailing list related to newly discovered security problems in
OpenBSD? I know only about security-announce list but as far as I know there
are only messages related to Errata patches and to be hones I haven't seen
an email from this list for really long time.
In my opinion it is very important to have information about all potentional
risks. For example this problem in PF: I have information about it only from
this mailing list and I think I was lucky that I spoted this among many
others messages and topics.
Maybe it is my fault by I'm just a human and I just do not have time to get
through all emails on many lists, search for new bugs on SecurityFocus,
Secunia and so on.
So my question is simple, is there any project which delas in all security
problems in OpenBSD? Or is it really necessary to check misc list and other
lists, many webpages every day?

Thank you
Best Regards
MK

----- Original Message -----
From: "Dries Schellekens" <[hidden email]>
To: "Subcommander l0r3zz" <[hidden email]>
Cc: <[hidden email]>
Sent: Wednesday, February 01, 2006 9:28 AM
Subject: Re: OpenBSD PF IP Fragment Remote Denial Of Service


> Subcommander l0r3zz wrote:
>
>> This came across security focus and I haven't seen it mentioned here.
>> THey claim 3.8 is vulnerable, anybody know anything?
>
> This has been fixed in -current, 3.8-stable and 3.7-stable.
>
> This crash only works if you have 'scrub fragment crop' or 'scrub fragment
> drop-ovl' in your pf rules. Not a lot of people use this option so there
> is no patch on errata.hml
>
>
> Cheers,
>
> Dries

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD PF IP Fragment Remote Denial Of Service

Joachim Schipper
On Wed, Feb 01, 2006 at 10:45:39AM +0100, MK wrote:

> Hello everybody
>
> I undersatnd that this issue doesn't affect many people even though I'd
> like to know about the problem.
> Is there any mailing list related to newly discovered security problems in
> OpenBSD? I know only about security-announce list but as far as I know
> there are only messages related to Errata patches and to be hones I haven't
> seen an email from this list for really long time.
> In my opinion it is very important to have information about all
> potentional risks. For example this problem in PF: I have information about
> it only from this mailing list and I think I was lucky that I spoted this
> among many others messages and topics.
> Maybe it is my fault by I'm just a human and I just do not have time to get
> through all emails on many lists, search for new bugs on SecurityFocus,
> Secunia and so on.
> So my question is simple, is there any project which delas in all security
> problems in OpenBSD? Or is it really necessary to check misc list and other
> lists, many webpages every day?

There are quite a few security lists which are likely to have this
information[1]. Some even offer RSS, which might be useful for some.

But otherwise, not that I know of. Reading source-changes will get you
the definitive answer, of course.

                Joachim

[1] Though I must admit to not having seen this on either
Full-Disclosure or Bugtraq - did I overlook it, or ...?

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD PF IP Fragment Remote Denial Of Service

Rob W
In reply to this post by Subcommander l0r3zz
MK wrote:
>So my question is simple, is there any project which delas in all security
>problems in OpenBSD? Or is it really necessary to check misc list and other
>lists, many webpages every day?

You have to read source-changes or view the cvs logs. It is apparently only
in commit comments such tings are revealed.

I was informed about this by freebsd-security-notifications.

// Rob

_________________________________________________________________
Opret en personlig blog og del dine billeder pe MSN Spaces:  
http://spaces.msn.com/

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD PF IP Fragment Remote Denial Of Service

chris_honschu
In reply to this post by Joachim Schipper
Am Mittwoch, 1. Februar 2006 11:33 schrieb Joachim Schipper:

> There are quite a few security lists which are likely to have
> this information.

What about a grep "OpenBSD" on these security lists and/or a grep -i
"security" on the source-changes to filter out info?