remove extraneous source quench rule
Bug #1558068 reported by
hucste
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ufw |
Fix Released
|
Low
|
Jamie Strandboge | ||
Bug Description
Into the before.rules, this rule is :
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
Segun the draft recommandation IETF about ICMP filtering (2013-2014), source quench is deprecated, and exploited for attacks.
(see: https:/
$ ufw --version
ufw 0.34~rc-0ubuntu2
Copyright 2008-2012 Canonical Ltd
# Trusty
CVE References
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| summary: |
- source quench + remove extraneous source quench rule |
| information type: | Private Security → Public |
| Changed in ufw: | |
| status: | New → Fix Committed |
| importance: | Undecided → Low |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in ufw: | |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Łukasz Zemczak (sil2100) wrote Proposed package upload rejected | #3 |
To post a comment you must log in.
The Linux kernel was given CVE-2004-0791 for implementing source quench and looking at the kernel sources, I verified it silently ignores this, so the (ancient) rule does not pose a security issue, but it should be removed.