ipfw in FreeBSD does not properly handle the use of me in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 4.3 (including) | 4.3 (including) |
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
- http://www.osvdb.org/1937
- http://www.securityfocus.com/bid/3206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7002
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
- http://www.osvdb.org/1937
- http://www.securityfocus.com/bid/3206
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7002