Multiple Vendor *BSD Denial of Service Vulnerability
BID:1296
Info
Multiple Vendor *BSD Denial of Service Vulnerability
| Bugtraq ID: | 1296 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 01 2000 12:00AM |
| Updated: | Jun 01 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on June 2, 2000 by "Ussr Labs" <[email protected]> |
| Vulnerable: |
OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.6 OpenBSD OpenBSD 2.5 NetBSD NetBSD 1.4.2 x86 NetBSD NetBSD 1.4.2 SPARC NetBSD NetBSD 1.4.2 Alpha NetBSD NetBSD 1.4.1 x86 NetBSD NetBSD 1.4.1 SPARC NetBSD NetBSD 1.4.1 Alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 3.4 FreeBSD FreeBSD 3.3 FreeBSD FreeBSD 3.2 FreeBSD FreeBSD 3.1 |
| Not Vulnerable: | |
Discussion
Multiple Vendor *BSD Denial of Service Vulnerability
A denial of service attack exists that affects FreeBSD, NetBSD and OpenBSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting socket options regarding the size of the send and receive buffers on a socketpair. By setting them to certain values, and performing a write the size of the value the options have been set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding.
Details behind why this happens have not been made available.
A denial of service attack exists that affects FreeBSD, NetBSD and OpenBSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting socket options regarding the size of the send and receive buffers on a socketpair. By setting them to certain values, and performing a write the size of the value the options have been set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding.
Details behind why this happens have not been made available.
Exploit / POC
Multiple Vendor *BSD Denial of Service Vulnerability
An exploit has been made available.
An exploit has been made available.
Solution / Fix
Multiple Vendor *BSD Denial of Service Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
A sample login.conf which protects from this DoS is available.
FreeBSD FreeBSD 5.0
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
A sample login.conf which protects from this DoS is available.
FreeBSD FreeBSD 5.0
-
Unknown login.conf
http://www.securityfocus.com/data/vulnerabilities/patches/login.conf
References
Multiple Vendor *BSD Denial of Service Vulnerability
References:
References: