=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN174
_____________________________________________________________________

DATE                      : 17/04/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : OpenBSD running pf.

======================================================================
http://www.openbsd.org/errata44.html#013_pf
http://www.sigmasoft.com/~openbsd/archives/html/openbsd-security-announce/2009-04/msg00002.html
______________________________________________________________________

When pf attempts to perform translation on a specially crafted IP datagram
a null pointer dereference will occur, resulting in a kernel panic.
In certain configurations this may be triggered by a remote attacker.

Restricting translation rules to protocols that are specific to the IP version
in use is an effective workaround until the patch can be installed. As an
example, for IPv4 nat/binat/rdr rules you can use:

nat/rdr ... inet proto { tcp udp icmp } ...

Or for IPv6 nat/binat/rdr rules you can use:

nat/rdr ... inet6 proto { tcp udp icmp6 } ...

This issue has been fixed in -current. Source code patches are available for
OpenBSD 4.3, 4.4 and 4.5.

Patch for OpenBSD 4.5:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch

Patch for OpenBSD 4.4:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/013_pf.patch

Patch for OpenBSD 4.3:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch

These patches are also available in the OPENBSD_4_5, OPENBSD_4_4 and
OPENBSD_4_3 patch branches.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================