is this mbuf problem real?

• Previous message: Jason Harris: "Re: cvs commit: ports/devel/tmake Makefile distinfo"
• Next in thread: Damian Gerow: "Re: is this mbuf problem real?"
• Reply: Damian Gerow: "Re: is this mbuf problem real?"
• Reply: Jacques A. Vidrine: "Re: is this mbuf problem real?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 18 Feb 2004 06:21:25 -0800 (PST)
To: freebsd-security@freebsd.org

BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
         <https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.

By sending many out-of-sequence packets, a low bandwidth denial of
service attack is possible against FreeBSD. When the targeted system
runs out of memory buffers (mbufs), it is no longer able to accept or
create new connections.

Analysis: (iDEFENSE US) Exploitation of this vulnerability requires
that the targeted system has at least one open TCP port.

The DoS will last until the port is closed, either by the attacker or
the target machine.

Detection: iDEFENSE has confirmed this vulnerability exists in FreeBSD
5.1 (default install from media). It is expected that it also exists
in earlier versions.

Exploit: iDEFENSE has proof of concept exploit code demonstrating the
impact of this vulnerability.

Vulnerability Types: Design Error - Denial of Service
Prevalence and Popularity: Almost always
Evidence of Active Exploitation or Probing: No known exploitation or
spike in probing
Ease of Exploitation: Remotely Exploitable
Existence and Availability of Exploit Code: An Exploit exists and is
closely traded.
Vulnerability Consequence: Availability

__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Jason Harris: "Re: cvs commit: ports/devel/tmake Makefile distinfo"
• Next in thread: Damian Gerow: "Re: is this mbuf problem real?"
• Reply: Damian Gerow: "Re: is this mbuf problem real?"
• Reply: Jacques A. Vidrine: "Re: is this mbuf problem real?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [Full-Disclosure] iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv ... iDEFENSE Security Advisory 09.26.2002 ... This vulnerability affects the latest version of gv, ... To avoid potential exploitation, users can select alternatives to gv ... Coordinated public disclosure was scheduled ... (Full-Disclosure) Re: Fwd: [is this mbuf problem real?] ... > information from iDEFENSE. ... of resource exhaustion attack. ... > FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability ... Remote exploitation of a denial of service ... (freebsd-net) [Full-disclosure] iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow ... Remote exploitation of an integer overflow vulnerability in Clam ... AntiVirus' ClamAV, as included in various vendors' operating system ... iDefense has confirmed the existence of this vulnerability in ClamAV ... (Full-Disclosure) iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow Vulnerability ... Remote exploitation of an integer overflow vulnerability in Clam ... AntiVirus' ClamAV, as included in various vendors' operating system ... iDefense has confirmed the existence of this vulnerability in ClamAV ... (Bugtraq) [VulnWatch] iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow Vulnerabi ... Remote exploitation of an integer overflow vulnerability in Clam ... AntiVirus' ClamAV, as included in various vendors' operating system ... iDefense has confirmed the existence of this vulnerability in ClamAV ... (VulnWatch)