FreeBSD Security Advisory FreeBSD-SA-04:04.tcp

Mike Tancsa mike at sentex.net
Tue Mar 2 12:12:41 PST 2004


At 03:06 PM 02/03/2004, Daniel Spielman wrote:
>Is FreeBSD 5.2.1 affected by this exploit?

It would appear so based on

http://docs.freebsd.org/cgi/mid.cgi?200403021724.i22HOk8W071644

         ---Mike


>On Tue, 2 Mar 2004, FreeBSD Security Advisories wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > =============================================================================
> > FreeBSD-SA-04:04.tcp                                      Security Advisory
> >                                                           The FreeBSD Project
> >
> > Topic:          many out-of-sequence TCP packets denial-of-service
> >
> > Category:       core
> > Module:         kernel
> > Announced:      2004-03-02
> > Credits:        iDEFENSE
> > Affects:        All FreeBSD releases
> > Corrected:      2004-03-02 17:19:18 UTC (RELENG_4)
> >                 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1)
> >                 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3)
> >                 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16)
> > CVE Name:       CAN-2004-0171
> > FreeBSD only:   NO
> >
> > I.   Background
> >
> > The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
> > provides a connection-oriented, reliable, sequence-preserving data
> > stream service.  When network packets making up a TCP stream (``TCP
> > segments'') are received out-of-sequence, they are maintained in a
> > reassembly queue by the destination system until they can be re-ordered
> > and re-assembled.
> >
> > II.  Problem Description
> >
> > FreeBSD does not limit the number of TCP segments that may be held in a
> > reassembly queue.
> >
> > III. Impact
> >
> > A remote attacker may conduct a low-bandwidth denial-of-service attack
> > against a machine providing services based on TCP (there are many such
> > services, including HTTP, SMTP, and FTP).  By sending many
> > out-of-sequence TCP segments, the attacker can cause the target machine
> > to consume all available memory buffers (``mbufs''), likely leading to
> > a system crash.
> >
> > IV.  Workaround
> >
> > It may be possible to mitigate some denial-of-service attacks by
> > implementing timeouts at the application level.
> >
> > V.   Solution
> >
> > Do one of the following:
> >
> > 1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2,
> > RELENG_4_9, or RELENG_4_8 security branch dated after the correction
> > date.
> >
> > OR
> >
> > 2) Patch your present system:
> >
> > The following patch has been verified to apply to FreeBSD 4.x and 5.x
> > systems.
> >
> > a) Download the relevant patch from the location below, and verify the
> > detached PGP signature using your PGP utility.
> >
> > [FreeBSD 5.2]
> > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch
> > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc
> >
> > [FreeBSD 4.8, 4.9]
> > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
> > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc
> >
> > b) Apply the patch.
> >
> > # cd /usr/src
> > # patch < /path/to/patch
> >
> > c) Recompile your kernel as described in
> > <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
> > system.
> >
> > VI.  Correction details
> >
> > The following list contains the revision numbers of each file that was
> > corrected in FreeBSD.
> >
> > Branch                                                           Revision
> >   Path
> > - -------------------------------------------------------------------------
> > RELENG_4
> >   src/UPDATING                                                  1.73.2.90
> >   src/sys/conf/newvers.sh                                       1.44.2.33
> >   src/sys/netinet/tcp_input.c                                  1.107.2.40
> >   src/sys/netinet/tcp_subr.c                                    1.73.2.33
> >   src/sys/netinet/tcp_var.h                                     1.56.2.15
> > RELENG_5_2
> >   src/UPDATING                                                  1.282.2.9
> >   src/sys/conf/newvers.sh                                        1.56.2.8
> >   src/sys/netinet/tcp_input.c                                   1.217.2.2
> >   src/sys/netinet/tcp_subr.c                                    1.169.2.4
> >   src/sys/netinet/tcp_var.h                                      1.93.2.2
> > RELENG_4_9
> >   src/UPDATING                                              1.73.2.89.2.4
> >   src/sys/conf/newvers.sh                                   1.44.2.32.2.4
> >   src/sys/netinet/tcp_input.c                              1.107.2.38.2.1
> >   src/sys/netinet/tcp_subr.c                                1.73.2.31.4.1
> >   src/sys/netinet/tcp_var.h                                 1.56.2.13.4.1
> > RELENG_4_8
> >   src/UPDATING                                             1.73.2.80.2.19
> >   src/sys/conf/newvers.sh                                  1.44.2.29.2.17
> >   src/sys/netinet/tcp_input.c                              1.107.2.37.2.1
> >   src/sys/netinet/tcp_subr.c                                1.73.2.31.2.1
> >   src/sys/netinet/tcp_var.h                                 1.56.2.13.2.1
> > - -------------------------------------------------------------------------
> >
> > VII. References
> >
> > <URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities>
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.4
> >
> > iD8DBQFAROKHFdaIBMps37IRAu9EAJ9VY70IDYdjr6GkKJCJCGyvBV3OcQCeIXwL
> > UDTQ4rcO/SP2rFRZ0Mcj1iQ=
> > =Gkct
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
> >
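The bound that the advisory's Problem Description says was missing, shown on a user-space model of a reassembly queue. This is an added example, not the FreeBSD patch and not part of the original message. REASS_MAX, reass_input and the other names are hypothetical, and the model works on whole segments with no overlap trimming.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REASS_MAX 4   /* assumed cap on segments held for reassembly */
struct seg  { uint32_t seq, len; struct seg *next; };
struct conn { uint32_t rcv_nxt; struct seg *q; };
int reass_total;      /* segments currently queued, all connections */
int reass_dropped;    /* segments refused because the cap was hit */

/* Sequence comparison that survives 32-bit wraparound. */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Returns 1 if delivered in order, 0 if queued, -1 if discarded. */
int reass_input(struct conn *c, uint32_t seq, uint32_t len) {
    if (seq == c->rcv_nxt) {              /* in order: needs no queue slot, */
        c->rcv_nxt += len;                /* so the cap never stalls progress */
        while (c->q && !seq_lt(c->rcv_nxt, c->q->seq)) {  /* drain the queue */
            struct seg *s = c->q;
            if (s->seq == c->rcv_nxt) c->rcv_nxt += s->len;
            c->q = s->next;
            free(s); reass_total--;
        }
        return 1;
    }
    if (seq_lt(seq, c->rcv_nxt)) return -1;           /* old duplicate */
    struct seg **pp = &c->q;
    while (*pp && seq_lt((*pp)->seq, seq)) pp = &(*pp)->next;  /* sorted slot */
    if (*pp && (*pp)->seq == seq) return -1;          /* already queued */
    if (reass_total >= REASS_MAX) { reass_dropped++; return -1; }  /* the bound */
    struct seg *s = malloc(sizeof *s);
    if (!s) return -1;
    s->seq = seq; s->len = len; s->next = *pp; *pp = s;
    reass_total++; return 0;
}

/* Constructed input: n segments that skip the first 1000 bytes, then the gap. */
int demo_flood(int n) {
    struct conn c = { 1000, NULL };
    for (int i = 1; i <= n; i++) reass_input(&c, 1000u + 1000u * i, 1000);
    int held = reass_total;               /* memory held while the gap is open */
    reass_input(&c, 1000, 1000);          /* missing segment arrives, queue drains */
    return held;
}
int main(void) {
    int held = demo_flood(10);
    printf("held=%d dropped=%d\n", held, reass_dropped);
    return 0;
}
```

Without the REASS_MAX check, the number of segments held grows with every out-of-sequence segment received, which is the mbuf exhaustion described under Impact.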
