[Cerowrt-devel] sack panic CVEs
dave.taht at gmail.com
Tue Jun 18 17:23:19 EDT 2019
Apparently people are exploiting this in the wild.
CeroWrt - if anyone is still running it, does have a web server that
might be vulnerable, same for the ssh port. openwrt as well, well...
*Anybody* with an exposed tcp server of just about any sort on freebsd
or linux seems vulnerable to the first bug, which causes a kernel
Ironically I had been pushing over on ecn-sane to experiment with
lowering the MSS to keep signal strength up in highly congested
someone found another use for the idea.
There is an iptables workaround,, documented here:
I remember the "ping O death" which cost me christmas in the early
90s. I've been watching the patches to the kernel land and wishing I
was somewhere else.
CTO, TekLibre, LLC
More information about the Cerowrt-devel