-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
pfSense-SA-15_02.igmp                                       Security Advisory
                                                                      pfSense

Topic:          Integer overflow in IGMP protocol

Category:       pfSense Base System
Module:         igmp
Announced:      2015-03-05
Credits:        FreeBSD, Mateusz Kocielski, Logicaltrust,
                Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Affects:        pfSense <= 2.2.1
Corrected:      2015-02-25 05:56:16 UTC (Base system)
CVE Name:       CVE-2015-1414
FreeBSD SA:     FreeBSD-SA-15:04.igmp

0.   Revision History

v1.0  2015-03-05 Initial release.

I.   Background

pfSense is a free network firewall distribution.  pfSense is based on the
FreeBSD operating system with a custom kernel and other changes. pfSense
includes third-party free software packages for additional functionality.
pfSense provides most of the functionality of common commercial firewalls,
and much more.

pfSense includes a web interface for the configuration of all included
components. Knowledge of FreeBSD is not necessary. Unlike similar GNU/Linux-
based firewall distributions, there is no need for any UNIX knowledge.  The
command line is never used, and there is no need to ever manually edit any
rule sets.

The majority of pfSense users have never installed or used a stock FreeBSD
system. Users familiar with commercial firewalls will quickly understand the
web interface. Users unfamiliar with commercial-grade firewalls may
encounter a short learning curve.

- From the FreeBSD SA:
IGMP is a control plane protocol used by IPv4 hosts and routers to propagate
multicast group membership information.  IGMP version 3 is implemented on
FreeBSD.

II.  Problem Description

- From the FreeBSD SA:
An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

III. Impact

- From the FreeBSD SA:
An attacker who can send specifically crafted IGMP packets could cause a
denial of service situation by causing the kernel to crash.

N.B.: The default WAN rules on pfSense would already block such packets,
but they could be sourced from local interfaces.

IV.  Workaround

Block incoming IGMP packets by protecting your host/networks with firewall
rules.

V.   Solution

Perform the following:

Upgrade to pfSense 2.2.1 upon its release. This can be performed in the web
interface or from the console. See
https://doc.pfsense.org/index.php/Upgrade_Guide

VI.  Correction details

The base OS was updated to 10.1-RELEASE-p6

VII. References

<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:04.igmp.asc>

The latest revision of this advisory is available at
<URL:https://pfsense.org/security/advisories/pfSense-SA-15_02.igmp.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU+K07AAoJEBO5h/2SFPja4skQAJwd+iOM1OUjXup6kPnGT6sE
5BJt0M5yYmsaI8Zwq7Q0pjlpA6lommOeLcYJIas3e5jtT4KoNOg/unALCoP+Nn/N
KEkOXxVUSUpcjmzwlpVO3g7KFNPXP0RT4MVL54m64yBk7aZck653uCoE0l1sw0v7
QUwfGiV0wfHgoq+jV1fazWBMO4cOZDWAwsNN4tby/WuhhKJRQ5fcR0HpmH2R9ZXz
clMQAMOyZlt1VNrszq8e6wKiUwkdroprlkGzEwOvK4B4KMxjR+9NZrjLoS1TZdHW
t/u6DQO485WiZKh7BLvBxy73KvhceGiP3gCvuUZ9+0j41rvosHEIFW6NACpkT9Zr
wtYfE8zHQkBlKKw8y6foJo/jwHWa3cuBSm097lVVU1TqbMa6InVPmodXUla7kIBl
zNAqjHoq8k0NGBh+V3l4or7np0nehJYIPy/HBj/m5t+z+AeNwgemwG1/1fT9QvqP
b+UWrEWsMvmDIexa3EBerYhr6oehaumfIXTSMHepLLyEuIuwD07Z8Q+roVjJhM6V
HhtsKLhi2qKrIGXXqxG0CYxJc3o4vMWvNulLn2Ux3I1zszcDRzcSIIiTM1SCzQfM
MuTCcTAIMT2jkm3Tex6c4uG6KZ8gmigaJZo0bwjd1oModmLAPXa+6NpviT54BbfP
cOSMg5QzC6z34HFByhT/
=kt90
-----END PGP SIGNATURE-----