FreeBSD-SA-06:04.ipfw "ipfw IP fragment denial of service"

The FreeBSD Project has issued a security advisory. The key points are summarized below.

  • (not yet written)

The security advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc.
Below is an excerpt of the above security advisory together with its translation; the quality of the translation is not guaranteed.

I. Background

ipfw(8) is a system facility which provides IP packet filtering, accounting, and redirection. Among its many features, while discarding packets it can perform actions defined by the user, such as sending back TCP reset or ICMP unreachable packets. These operations can be performed by using the reset, reject or unreach actions.

II. Problem Description

The firewall maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized.

III. Impact

An attacker can cause the firewall to crash by sending ICMP IP fragments to or through firewalls which match any reset, reject or unreach actions.

IV. Workaround

Change any reset, reject or unreach actions to deny. It should be noted that this will result in packets being silently discarded.
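The following is an added example, not part of the advisory or of FreeBSD's own tooling, showing one way to apply the workaround mechanically to an ipfw rules file: every reset, reject or unreach action is rewritten to deny, and a second helper counts how many affected rules remain so an administrator can confirm none were missed. The rule lines are constructed samples in the plain `add <number> <action> ...` form; a rules file that uses a `${fwcmd} add ...` prefix would need the leading pattern adjusted.

```shell
#!/bin/sh
# Added example (not from the advisory): rewrite ipfw rules so that every
# reset / reject / unreach action becomes deny, as the workaround describes.
# The rule set below is a constructed sample, not a real configuration.

harden_ipfw_rules() {
    # Replace the action keyword that follows "add <number>".
    # "unreach" carries a code argument (e.g. "unreach port") which is
    # dropped, because deny takes none. Everything after the action
    # (protocol, addresses, options) is kept, so the rule still matches
    # the same traffic; it just discards silently instead of replying.
    sed -E 's/^(add[[:space:]]+[0-9]+[[:space:]]+)(reset|reject|unreach[[:space:]]+[^[:space:]]+)([[:space:]]|$)/\1deny\3/'
}

# Constructed sample rules in ipfw(8) rules-file syntax.
SAMPLE_RULES='add 100 reject tcp from any to me 23
add 200 unreach port udp from any to me 161
add 300 reset tcp from any to me 22
add 400 allow ip from any to any'

hardened_rules() {
    printf '%s\n' "$SAMPLE_RULES" | harden_ipfw_rules
}

count_affected_actions() {
    # Verification step: count rules (on stdin) that still use one of the
    # actions named in the advisory. Prints 0 when the workaround is complete.
    grep -cE '^add[[:space:]]+[0-9]+[[:space:]]+(reset|reject|unreach)([[:space:]]|$)' || true
}

# Show the rewritten rule set and confirm nothing affected remains.
hardened_rules
printf 'rules still using reset/reject/unreach: %s\n' "$(hardened_rules | count_affected_actions)"
```

Run the original file through `count_affected_actions` first to see how many rules the change will touch; after rewriting, a count of 0 is the expected result before the new rule set is loaded.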