PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openbsd | Openbsd | 3.0 (including) | 3.0 (including) |
Openbsd | Openbsd | 3.1 (including) | 3.1 (including) |
Openbsd | Openbsd | 3.2 (including) | 3.2 (including) |
Openbsd | Openbsd | 3.3 (including) | 3.3 (including) |
Openbsd | Openbsd | 3.4 (including) | 3.4 (including) |