BID:12951

OpenBSD TCP Stack Remote Denial Of Service Vulnerability

Info

OpenBSD TCP Stack Remote Denial Of Service Vulnerability

Bugtraq ID:	12951
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-0960
Remote:	Yes
Local:	No
Published:	Mar 31 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	The individual or individuals responsible for the discovery of this issue are currently unknown; the vendor disclosed this issue.
Vulnerable:	OpenBSD OpenBSD 3.6 OpenBSD OpenBSD 3.5

Not Vulnerable:

Discussion

OpenBSD TCP Stack Remote Denial Of Service Vulnerability

A remote denial of service vulnerability affects the OpenBSD operating system. This issue is due to implementation errors in the TCP stack, causing it to fail on malicious requests.

A remote attacker may leverage this issue to cause an affected computer to exhaust memory or crash, denying service to legitimate users.

Exploit / POC

OpenBSD TCP Stack Remote Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

OpenBSD TCP Stack Remote Denial Of Service Vulnerability

Solution:
The vendor has released a patch dealing with this issue.

OpenBSD OpenBSD 3.5

OpenBSD 030_sack.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/030_sack.patch

OpenBSD OpenBSD 3.6

OpenBSD 013_sack.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/013_sack.patch

References

OpenBSD TCP Stack Remote Denial Of Service Vulnerability

References:

013: RELIABILITY FIX: March 30, 2005 - Bugs in the tcp(4) stack (OpenBSD)
030: RELIABILITY FIX: March 30, 2005 - Bugs in the tcp(4) stack (OpenBSD)
OpenBSD Homepage (OpenBSD)