version 1.23, 2009/04/11 23:46:45 |
version 1.24, 2009/04/13 08:45:40 |
|
|
When pf attempts to perform translation on a specially crafted IP datagram, |
When pf attempts to perform translation on a specially crafted IP datagram, |
a null pointer dereference will occur, resulting in a kernel panic. |
a null pointer dereference will occur, resulting in a kernel panic. |
In certain configurations this may be triggered by a remote attacker. |
In certain configurations this may be triggered by a remote attacker. |
<p> |
<br> |
Restricting translation rules to protocols that are specific to the IP version |
Restricting translation rules to protocols that are specific to the IP version |
in use, is an effective workaround until the patch can be installed. As an |
in use, is an effective workaround until the patch can be installed. As an |
example, for IPv4 nat/binat/rdr rules you can use: |
example, for IPv4 nat/binat/rdr rules you can use: |