OpenBSD TCP Timestamp Remote Denial Of Service Vulnerability
BID:12250
Info
| Bugtraq ID: | 12250 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2005-0740 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue. |
| Vulnerable: | OpenBSD 2.9, 2.8, 2.7, 2.6, 2.5, 2.4, 2.3, 2.2, 2.1, 2.0, 3.6, 3.5, 3.4, 3.3, 3.2, 3.1, 3.0, -current |
| Not Vulnerable: | |
Discussion
A remote denial of service vulnerability affects the TCP timestamp processing functionality of OpenBSD. This issue is due to a failure of the system to properly handle exceptional network data.
A remote attacker may leverage this issue to cause the kernel to panic on an affected computer, triggering a denial of service condition.
Exploit / POC
The following exploit has been made available by __blf 2005 RusH Security Team:
Solution / Fix
Solution:
OpenBSD has released the following patches dealing with this issue:
OpenBSD 3.5
- OpenBSD 027_rtt.patch: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/027_rtt.patch

OpenBSD 3.6
- OpenBSD 010_rtt.patch: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/010_rtt.patch
References
- 010: RELIABILITY FIX: January 11, 2005 (OpenBSD)
- OpenBSD Homepage (OpenBSD)