--On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > II. Problem Description > > FreeBSD may add a reassemble queue entry on the stack into the segment > list when the reassembly queue reaches its limit. The memory from the > stack is undefined after the function returns. Subsequent iterations of > the reassembly function will attempt to access this entry. Hi, Does this require an established TCP session to be present? - i.e. If you have a host which provides no external TCP sessions (i.e. replies 'Connection Refused' / drops the initial SYN) would that still be potentially exploitable? What about boxes used as routers - that just forward the traffic (and again, offer no TCP services directly themselves)? -Karl _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"