BID:105058

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability

CVE-2018-6922 |

Info

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability

Bugtraq ID:	105058
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-6922
Remote:	Yes
Local:	No
Published:	Aug 06 2018 12:00AM
Updated:	Aug 06 2018 12:00AM
Credit:	Juha-Matti Tilli
Vulnerable:	FreeBSD Freebsd 11.2-PRERELEASE FreeBSD Freebsd 11.2 FreeBSD Freebsd 11.1-RELEASE-p9 FreeBSD Freebsd 11.1-RELEASE-p7 FreeBSD Freebsd 11.1-RELEASE-p4 FreeBSD Freebsd 11.1-RELEASE-p10 FreeBSD Freebsd 11.1-RC2-p1 FreeBSD Freebsd 11.1-RC1-p1 FreeBSD Freebsd 11.1-PRERELEASE FreeBSD Freebsd 11.1-BETA3-p1 FreeBSD Freebsd 11.1 FreeBSD Freebsd 11.0-STABLE FreeBSD Freebsd 11.0-RELEASE-p6 FreeBSD Freebsd 11.0-RELEASE-p4 FreeBSD Freebsd 11.0-RELEASE-p15 FreeBSD Freebsd 11.0-RELEASE-p11 FreeBSD Freebsd 11.0-RELEASE-p10 FreeBSD Freebsd 10.4-RELEASE-p9 FreeBSD Freebsd 10.4-RELEASE-p8 FreeBSD Freebsd 10.4-RELEASE-p6 FreeBSD Freebsd 10.4-RELEASE-p3 FreeBSD Freebsd 10.4 FreeBSD Freebsd 10.3-STABLE FreeBSD Freebsd 10.3-RELEASE-p5 FreeBSD Freebsd 10.3-RELEASE-p4 FreeBSD Freebsd 10.3-RELEASE-p3 FreeBSD Freebsd 10.3-RELEASE-p29 FreeBSD Freebsd 10.3-RELEASE-p27 FreeBSD Freebsd 10.3-RELEASE-p24 FreeBSD Freebsd 10.3-RELEASE-p20 FreeBSD Freebsd 10.3-RELEASE-p2 FreeBSD Freebsd 10.3-RELEASE-p19 FreeBSD Freebsd 10.3-RELEASE-p15 FreeBSD Freebsd 10.3-RELEASE-p13 FreeBSD Freebsd 10.3-RELEASE-p1 FreeBSD Freebsd 10.3-RC2 FreeBSD Freebsd 10.3 FreeBSD Freebsd 10.2-STABLE FreeBSD Freebsd 10.2-RELENG FreeBSD Freebsd 10.2-RELEASE-p9 FreeBSD Freebsd 10.2-RELEASE-p8 FreeBSD Freebsd 10.2-RELEASE-p6 FreeBSD Freebsd 10.2-RELEASE-p28 FreeBSD Freebsd 10.2-RELEASE-p26 FreeBSD Freebsd 10.2-RELEASE-p19 FreeBSD Freebsd 10.2-RELEASE-p18 FreeBSD Freebsd 10.2-RELEASE-p17 FreeBSD Freebsd 10.2-RELEASE-p16 FreeBSD Freebsd 10.2-RELEASE-p14 FreeBSD Freebsd 10.2-RELEASE-p13 FreeBSD Freebsd 10.2-RELEASE-p12 FreeBSD Freebsd 10.2-RELEASE-p11 FreeBSD Freebsd 10.2-RELEASE-p10 FreeBSD Freebsd 10.2-RC2-p1 FreeBSD Freebsd 10.2-RC1-p2 FreeBSD Freebsd 10.2-RC1-p1 FreeBSD Freebsd 10.2-PRERELEASE FreeBSD Freebsd 10.2-BETA3 FreeBSD Freebsd 10.2-BETA2-p3 FreeBSD Freebsd 10.2-BETA2-p2 FreeBSD Freebsd 10.2 FreeBSD FreeBSD 10.1-STABLE FreeBSD Freebsd 10.1-RELENG FreeBSD Freebsd 10.1-RELEASE-p9 FreeBSD Freebsd 10.1-RELEASE-p6 FreeBSD Freebsd 10.1-RELEASE-p5 FreeBSD Freebsd 10.1-RELEASE-p45 FreeBSD Freebsd 10.1-RELEASE-p43 FreeBSD Freebsd 10.1-RELEASE-p36 FreeBSD Freebsd 10.1-RELEASE-p35 FreeBSD Freebsd 10.1-RELEASE-p34 FreeBSD Freebsd 10.1-RELEASE-p33 FreeBSD Freebsd 10.1-RELEASE-p31 FreeBSD Freebsd 10.1-RELEASE-p30 FreeBSD Freebsd 10.1-RELEASE-p29 FreeBSD Freebsd 10.1-RELEASE-p28 FreeBSD Freebsd 10.1-RELEASE-p27 FreeBSD Freebsd 10.1-RELEASE-p26 FreeBSD Freebsd 10.1-RELEASE-p25 FreeBSD Freebsd 10.1-RELEASE-p23 FreeBSD Freebsd 10.1-RELEASE-p19 FreeBSD Freebsd 10.1-RELEASE-p17 FreeBSD Freebsd 10.1-RELEASE-p16 FreeBSD FreeBSD 10.1-RELEASE-p1 FreeBSD Freebsd 10.1-RELEASE FreeBSD FreeBSD 10.1-RC4-p1 FreeBSD FreeBSD 10.1-RC3-p1 FreeBSD FreeBSD 10.1-RC2-p3 FreeBSD FreeBSD 10.1-RC2-p1 FreeBSD FreeBSD 10.1-RC1-p1 FreeBSD FreeBSD 10.1-PRERELEASE FreeBSD FreeBSD 10.1-BETA3-p1 FreeBSD FreeBSD 10.1-BETA1-p1 FreeBSD FreeBSD 10.1

Not Vulnerable:	FreeBSD Freebsd 11.2-RELEASE-p1 FreeBSD Freebsd 11.1-STABLE FreeBSD Freebsd 11.1-RELEASE-p12 FreeBSD Freebsd 10.4-STABLE FreeBSD Freebsd 10.4-RELEASE-p10

Discussion

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability

FreeBSD is prone to denial-of-service vulnerability.

Attackers can exploit this issue to resource exhaustion and crash the affected application, denying service to legitimate users.

Exploit / POC

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability

References:

FreeBSD Homepage (FreeBSD)
Resource Exhaustion in TCP Reassemble (FreeBSD)
There is a vulnerability in FreeBSD that affects AIX. (IBM)