https://www.exploit-db.com/exploits/20593
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200103-103

FreeBSD4.2及其之前版本的ipfw和ip6fw存在漏洞。远程攻击者可以通过设置TCP数据包的ECE标志绕过访问限制，该漏洞导致此数据包作为已建立连接的一部分显示出来。

source: www.securityfocus.com/bid/2293/info

There exists a serious vulnerability in FreeBSD's implementation of packet filtering for IPv4 and IPv6.

The vulnerability exists in situations where a filtering rule permits packets through if they are part of an established connection.

It is possible for packets that are not part of an established connection to be allowed through. These packets must have the ECE flag set, which is in the TCP reserved options field.

Exploitation of this vulnerability may allow for unauthorized remote access to otherwise protected services. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20593.tgz

来源:BID
名称:2293
链接:http://www.securityfocus.com/bid/2293
来源:FREEBSD
名称:FreeBSD-SA-01:08
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
来源:XF
名称:ipfw-bypass-firewall(5998)
链接:http://xforce.iss.net/xforce/xfdb/5998
来源:BUGTRAQ
名称:20010125ecepass-proofofconceptcodeforFreeBSDipfwbypass
链接:http://www.security-express.com/archives/bugtraq/2001-01/0424.html
来源:OSVDB
名称:1743
链接:http://www.osvdb.org/1743
来源:CIAC
名称:L-029
链接:http://www.ciac.org/ciac/bulletins/l-029.shtml