Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp

From: Daniel Spielman (dan_at_dreadful.org)
Date: 03/02/04

    Date: Tue, 2 Mar 2004 12:06:14 -0800 (PST)
    To: freebsd-security@FreeBSD.org
    
    

    Is FreeBSD 5.2.1 affected by this exploit?

    On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > =============================================================================
    > FreeBSD-SA-04:04.tcp Security Advisory
    > The FreeBSD Project
    >
    > Topic: many out-of-sequence TCP packets denial-of-service
    >
    > Category: core
    > Module: kernel
    > Announced: 2004-03-02
    > Credits: iDEFENSE
    > Affects: All FreeBSD releases
    > Corrected: 2004-03-02 17:19:18 UTC (RELENG_4)
    >            2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
    >            2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3)
    >            2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16)
    > CVE Name: CAN-2004-0171
    > FreeBSD only: NO
    >
    > I. Background
    >
    > The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
    > provides a connection-oriented, reliable, sequence-preserving data
    > stream service. When network packets making up a TCP stream (``TCP
    > segments'') are received out-of-sequence, they are maintained in a
    > reassembly queue by the destination system until they can be re-ordered
    > and re-assembled.
    >
    > II. Problem Description
    >
    > FreeBSD does not limit the number of TCP segments that may be held in a
    > reassembly queue.
    >
    > III. Impact
    >
    > A remote attacker may conduct a low-bandwidth denial-of-service attack
    > against a machine providing services based on TCP (there are many such
    > services, including HTTP, SMTP, and FTP). By sending many
    > out-of-sequence TCP segments, the attacker can cause the target machine
    > to consume all available memory buffers (``mbufs''), likely leading to
    > a system crash.
    >
    > IV. Workaround
    >
    > It may be possible to mitigate some denial-of-service attacks by
    > implementing timeouts at the application level.
    >
    > V. Solution
    >
    > Do one of the following:
    >
    > 1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2,
    > RELENG_4_9, or RELENG_4_8 security branch dated after the correction
    > date.
    >
    > OR
    >
    > 2) Patch your present system:
    >
    > The following patch has been verified to apply to FreeBSD 4.x and 5.x
    > systems.
    >
    > a) Download the relevant patch from the location below, and verify the
    > detached PGP signature using your PGP utility.
    >
    > [FreeBSD 5.2]
    > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch
    > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc
    >
    > [FreeBSD 4.8, 4.9]
    > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
    > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc
    >
    > b) Apply the patch.
    >
    > # cd /usr/src
    > # patch < /path/to/patch
    >
    > c) Recompile your kernel as described in
    > <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
    > system.
    >
    > VI. Correction details
    >
    > The following list contains the revision numbers of each file that was
    > corrected in FreeBSD.
    >
    > Branch                          Revision
    >   Path
    > - -------------------------------------------------------------------------
    > RELENG_4
    >   src/UPDATING                  1.73.2.90
    >   src/sys/conf/newvers.sh       1.44.2.33
    >   src/sys/netinet/tcp_input.c   1.107.2.40
    >   src/sys/netinet/tcp_subr.c    1.73.2.33
    >   src/sys/netinet/tcp_var.h     1.56.2.15
    > RELENG_5_2
    >   src/UPDATING                  1.282.2.9
    >   src/sys/conf/newvers.sh       1.56.2.8
    >   src/sys/netinet/tcp_input.c   1.217.2.2
    >   src/sys/netinet/tcp_subr.c    1.169.2.4
    >   src/sys/netinet/tcp_var.h     1.93.2.2
    > RELENG_4_9
    >   src/UPDATING                  1.73.2.89.2.4
    >   src/sys/conf/newvers.sh       1.44.2.32.2.4
    >   src/sys/netinet/tcp_input.c   1.107.2.38.2.1
    >   src/sys/netinet/tcp_subr.c    1.73.2.31.4.1
    >   src/sys/netinet/tcp_var.h     1.56.2.13.4.1
    > RELENG_4_8
    >   src/UPDATING                  1.73.2.80.2.19
    >   src/sys/conf/newvers.sh       1.44.2.29.2.17
    >   src/sys/netinet/tcp_input.c   1.107.2.37.2.1
    >   src/sys/netinet/tcp_subr.c    1.73.2.31.2.1
    >   src/sys/netinet/tcp_var.h     1.56.2.13.2.1
    > - -------------------------------------------------------------------------
    >
    > VII. References
    >
    > <URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities>
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.2.4
    >
    > iD8DBQFAROKHFdaIBMps37IRAu9EAJ9VY70IDYdjr6GkKJCJCGyvBV3OcQCeIXwL
    > UDTQ4rcO/SP2rFRZ0Mcj1iQ=
    > =Gkct
    > -----END PGP SIGNATURE-----
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >
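
Added example, not part of the original message and not the FreeBSD patch: a minimal reassembly queue showing the kind of limit the advisory's Problem Description says was missing. The names `REASS_MAX_SEGS`, `reass_input`, `reass_flood_qlen` and `demo_q` are hypothetical, the cap of 4 is arbitrary, and segments are assumed not to overlap.

```c
#include <stdint.h>
#include <stdlib.h>
#define REASS_MAX_SEGS 4  /* hypothetical cap; the advisory's bug is having none */
struct seg { uint32_t seq, len; struct seg *next; };
struct reass_q { uint32_t rcv_nxt; unsigned qlen, dropped; struct seg *head; };
struct reass_q demo_q = { .rcv_nxt = 1000 };  /* constructed connection state */

/* Returns 1 if the segment was delivered or queued, 0 if it was discarded. */
int reass_input(struct reass_q *q, uint32_t seq, uint32_t len)
{
    struct seg *s, **pp = &q->head;
    if (seq == q->rcv_nxt) {              /* in sequence: deliver, then drain */
        q->rcv_nxt += len;
        while ((s = q->head) != NULL && s->seq == q->rcv_nxt) {
            q->rcv_nxt += s->len;
            q->head = s->next;
            q->qlen--;
            free(s);
        }
        return 1;
    }
    if ((int32_t)(seq - q->rcv_nxt) < 0)  /* old data, already delivered */
        return 0;
    while (*pp != NULL && (int32_t)((*pp)->seq - seq) < 0)  /* wrap-safe order */
        pp = &(*pp)->next;
    if (*pp != NULL && (*pp)->seq == seq) /* duplicate: already held */
        return 1;
    /* New out-of-sequence data: bound the queue so memory use cannot grow. */
    if (q->qlen >= REASS_MAX_SEGS || (s = malloc(sizeof(*s))) == NULL) {
        q->dropped++;                     /* sender will retransmit later */
        return 0;
    }
    s->seq = seq; s->len = len; s->next = *pp;
    *pp = s;
    q->qlen++;
    return 1;
}

/* Constructed flood: n segments that never fill the gap at rcv_nxt. */
unsigned reass_flood_qlen(struct reass_q *q, unsigned n)
{
    for (unsigned i = 1; i <= n; i++)
        reass_input(q, q->rcv_nxt + i * 100, 100);
    return q->qlen;
}

int main(void)
{
    return reass_flood_qlen(&demo_q, 10) <= REASS_MAX_SEGS ? 0 : 1;
}
```

The in-sequence segment is accepted even when the queue is full, because it is the one that lets the queue drain.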

