Title: FreeBSD ipfw Layer 4 Tracking Fragmented IP Packet Remote DoS
Jan 11, 2006
FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker sends ICMP IP fragments to or through an ipfw firewall which match any reset, reject or unreach actions. Due to the incorrect handling of IP fragments, the pointer to layer 4 header information fails to get initialized, resulting in loss of availability for the platform.
Remote / Network Access
Denial of Service
Loss of Availability
Upgrade to version 6.0-STABLE or or to the RELENG_6_0 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch to address this vulnerability.