OSVDB ID: 908

Title: Multiple BSD TCP/IP Stacks IP Fragmentation Remote DoS

Info

Disclosure
Nov 04, 1998

Discovery
Unknown

Dates

Exploit
Nov 04, 1998

Solution
Unknown

Description

 Certain BSD derived TCP/IP stacks contain a flaw that may allow a remote denial of service. The issue is triggered when a malicious user creates and sends a pair of malformed IP packets that are reassembled into an invalid UDP datagram. The invalid UDP datagram will cause the kernel to panic and crash, resulting in a loss of availability for the platform.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade BSD to version 4.0 or higher, as it has been reported to fix this vulnerability. In addition, BSDI has released a patch for some older versions. Upgrade FreeBSD to version 3.0 or higher after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions. Upgrade OpenBSD to version 2.4 or higher after the correction date, as it has been reported to fix this vulnerability. In addition, OpenBSD has released a patch for some older versions.

Products

FreeBSD Project

FreeBSD

 1.x
2.0.x
2.1.x
2.2.2
2.2.8
3.0-x

BSDI

BSD

 3.1

OpenBSD

OpenBSD

 2.2
2.3
2.4
2.0
2.1

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/908