--On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories <[email protected]> wrote: > II. Problem Description > > FreeBSD may add a reassemble queue entry on the stack into the segment > list when the reassembly queue reaches its limit. The memory from the > stack is undefined after the function returns. Subsequent iterations of > the reassembly function will attempt to access this entry. Hi, Does this require an established TCP session to be present? - i.e. If you have a host which provides no external TCP sessions (i.e. replies 'Connection Refused' / drops the initial SYN) would that still be potentially exploitable? What about boxes used as routers - that just forward the traffic (and again, offer no TCP services directly themselves)? -Karl _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"