Karl Pielorz
2015-Feb-25 11:24 UTC
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix?
Hi, Presumably if you don't need IGMP, ipfw can be used to mitigate this on hosts until they're patched / rebooted, i.e. ipfw add x deny igmp from any to any ? Thanks, -Karl ---------- Forwarded Message ---------- Date: 25 February 2015 06:29 +0000 From: FreeBSD Security Advisories <security-advisories at freebsd.org> To: FreeBSD Security Advisories <security-advisories at freebsd.org> Subject: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================ FreeBSD-SA-15:04.igmp Security Advisory The FreeBSD Project Topic: Integer overflow in IGMP protocol
Remko Lodder
2015-Feb-25 17:21 UTC
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix?
> On 25 Feb 2015, at 12:24, Karl Pielorz <kpielorz_lst at tdx.co.uk> wrote: > > > Hi, > > Presumably if you don't need IGMP, ipfw can be used to mitigate this on hosts until they're patched / rebooted, i.e. > > ipfw add x deny igmp from any to any > > ?This suggests that you can filter the traffic: Block incoming IGMP packets by protecting your host/networks with a firewall. (Quote from the SA). Br, Remko> > Thanks, > > -Karl > > ---------- Forwarded Message ---------- > Date: 25 February 2015 06:29 +0000 > From: FreeBSD Security Advisories <security-advisories at freebsd.org> > To: FreeBSD Security Advisories <security-advisories at freebsd.org> > Subject: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ==========================================================================> == FreeBSD-SA-15:04.igmp Security > Advisory The > FreeBSD Project > > Topic: Integer overflow in IGMP protocol > > _______________________________________________ > freebsd-security at freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"-- /"\ Best regards, | remko at FreeBSD.org \ / Remko Lodder | remko at EFnet X http://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20150225/70a3d764/attachment.sig>