Overview
FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers (mbufs) on the destination system resulting in a denial-of-service condition.
Description
The Transmission Control Protocol (TCP) is part of the TCP/IP protocol suite and designed to provide reliable and connection-oriented service. In order to provide reliable service, TCP is designed to process packets that are delivered out of order so that these packets can later be re-assembled to create the entire TCP segment. There is a vulnerability in the way FreeBSD handles out-of-sequence TCP segments. When network packets making up a TCP segment are received out-of-sequence, these packets are held in a reassembly queue on the destination system so that they can be re-ordered and re-assembled. By sending a large number of out-of-sequence TCP packets, an unauthenticated, remote attacker could exhaust all memory buffers (mbufs) on the destination system resulting in a denial-of-service condition. |
Impact
An unauthenticated, remote attacker could exhaust all memory buffers (mbufs) on the destination system resulting in a denial-of-service condition. |
Solution
Upgrade According to FreeBSD: |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This vulnerability was reported by iDEFENSE.
This document was written by Damon Morda.
Other Information
CVE IDs: | CVE-2004-0171 |
Severity Metric: | 6.83 |
Date Public: | 2004-02-18 |
Date First Published: | 2004-03-04 |
Date Last Updated: | 2004-03-04 20:08 UTC |
Document Revision: | 26 |