Info

Disclosure

Dec 21, 1998

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

BSD-derived TCP/IP implementations contain a flaw that may allow a remote denial of service. The issue is triggered when short TCP packets with certain options set are sent to the system, and will result in loss of availability for the system.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Various vendors have released a patch to address this vulnerability.

Products

BSDI

BSD/OS

3.1

FreeBSD Project	FreeBSD	1.1.5.1
		2.0
		2.0.5
		2.1
		2.1.x
		2.2.3
		2.2.4
		2.2.5
		2.2.6

OpenBSD	OpenBSD	2.2
		2.3
		2.4

References

Bugtraq ID: 120
CVE ID: 1999-0001 (see also: NVD)
CERT: CA-1998-13
Vendor URL: http://www.freebsd.org
Vendor Specific Solution URL: http://www.openbsd.org/errata22.html
http://www.openbsd.org/errata23.html
http://www.openbsd.org/errata24.html
Generic Informational URL: http://www.pdos.lcs.mit.edu/~rtm/papers/117.pdf
Mail List Post: http://www.securityfocus.com/archive/1/11679
Generic Exploit URL: http://www.securityfocus.com/archive/1/11728

Credit

Guido van Rooij - FreeBSD, Inc.
Joel Boutros -

Direct URL: http://osvdb.org/5707

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

BSDI

BSD/OS

FreeBSD Project

FreeBSD

OpenBSD

OpenBSD

References

Credit