FreeBSD NetINet TCP Maximum Segment Size Remote Denial Of Service Vulnerability
Info
| Bugtraq ID: | 9572 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2004-0002 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5.1 -STABLEpre2001-07-20
FreeBSD FreeBSD 3.5.1 -STABLE
FreeBSD FreeBSD 3.5.1 -RELEASE
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 3.5 x
FreeBSD FreeBSD 3.5 -STABLEpre122300
FreeBSD FreeBSD 3.5 -STABLEpre050201
FreeBSD FreeBSD 3.5 -STABLE
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4 x
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3 x
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2 x
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.1 x
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.0 -RELENG
FreeBSD FreeBSD 3.0 |
| Not Vulnerable: | |
Discussion
The FreeBSD netinet implementation has been reported prone to a vulnerability that may allow remote attackers to deny service to affected servers.
The issue arises from a lack of restrictions placed on TCP MSS (Maximum Segment Size) values. A remote attacker may exploit this condition to deny service to legitimate users.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Fixes to address this issue are available in the latest CVS development branch of FreeBSD.