[原文]The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.
Multiple BSD sysctl Control Failure Source Routing Attack
Remote / Network Access
Loss of Integrity
Multiple BSDs contain a flaw that may allow a malicious user to spoof TCP connections against BSD hosts on networks that do not filter source routed packets via router packet filters. The issue is triggered when the sysctl system configuration control for "do source route" does not prevent source routed packets from being accepted by 4.4BSD kernels, even when the sysctl variable net.inet.ip.dosourceroute is set to '0'. It is possible that the flaw may result in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, FreeBSD and OpenBSD have released patches to address this vulnerability.