version 1.72, 1998/02/19 10:42:30 |
version 1.73, 1998/02/19 10:43:53 |
|
|
<li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
<li><strong><font color=#009000>SECURITY FIX</strong></font><br> |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong> |
is disabled (value 0), the kernel will still accept source routing packets |
is disabled (value 0), the kernel will block source routed packets from |
|
going through, but will still accept source routing packets destined for |
itself. Our fix changes the <strong>net.inet.ip.sourceroute</strong> |
itself. Our fix changes the <strong>net.inet.ip.sourceroute</strong> |
variable to mean that all block all source routed packets should be |
variable semantics to mean that all block all source routed packets should |
blocked completely. |
be blocked completely. |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch> |
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch> |
A kernel patch is provided</a>. |
A kernel patch is provided</a>. |
<p> |
<p> |