| version 1.72, 1998/02/19 10:42:30 |
version 1.73, 1998/02/19 10:43:53 |
|
|
| <li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
<li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
| If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
| enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
| is disabled (value 0), the kernel will still accept source routing packets |
is disabled (value 0), the kernel will block source routed packets from |
| |
going through, but will still accept source routing packets destined for |
| itself. Our fix changes the <strong>net.inet.ip.sourceroute</strong> |
itself. Our fix changes the <strong>net.inet.ip.sourceroute</strong> |
| variable to mean that all block all source routed packets should be |
variable semantics to mean that all block all source routed packets should |
| blocked completely. |
be blocked completely. |
| <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch> |
| A kernel patch is provided</a>. |
A kernel patch is provided</a>. |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www