Arbitrary Remote Host Connections Allowed in FreeBSD's ipfw due to me Rule Handling Vulnerability

Arbitrary Remote Host Connections Allowed in FreeBSD's ipfw due to me Rule Handling Vulnerability

CVE-2001-0969 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.

Learn more about our Web Application Penetration Testing UK.