FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
Karl Pielorz
kpielorz_lst at tdx.co.uk
Thu May 1 14:19:56 UTC 2014
--On 30 April 2014 04:35:10 +0000 FreeBSD Security Advisories
<security-advisories at freebsd.org> wrote:
> II. Problem Description
>
> FreeBSD may add a reassemble queue entry on the stack into the segment
> list when the reassembly queue reaches its limit. The memory from the
> stack is undefined after the function returns. Subsequent iterations of
> the reassembly function will attempt to access this entry.
Hi,
Does this require an established TCP session to be present? - i.e. If you
have a host which provides no external TCP sessions (i.e. replies
'Connection Refused' / drops the initial SYN) would that still be
potentially exploitable?
What about boxes used as routers - that just forward the traffic (and
again, offer no TCP services directly themselves)?
-Karl
More information about the freebsd-security
mailing list