"Crist J. Clark" <[email protected]> wrote: > Arguments on the severity of the bug aside, FreeBSD does not > have a working RFC2385 implementation. It looks like bms@ committed half of one in February: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1056731+0+/usr/local/www/db/text/2004/cvs-all/20040215.cvs-all The vulnerability would still exist when the spoofed packets are directed towards a FreeBSD router, but it looks like this would protect its RFC2385-capable partner from the attack. That doesn't help if the attacker knows which side of the link is which platform, but it reduces the likelihood of an unresearched attack being successful. Mark _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"