Vigil@nce - FreeBSD: adress based IP filtering bypass

May 2019 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: FreeBSD, pfSense.

Severity: 1/4.

Consequences: data flow.

Provenance: internet client.

Confidence: confirmed by the editor (5/5).

Creation date: 15/05/2019.

DESCRIPTION OF THE VULNERABILITY

An attacker can tamper with the IP addresse of a an IP packet nested in an ICMP one, in order to bypass the FreeBSD packet filter.

