|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
FreeBSD and OpenBSD contain a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends TCP RST packets to a victim system to terminate its connection, which takes advantage of FreeBSD and OpenBSD's interpretation of sequence numbers in RST packets, and will result in loss of availability for the platform.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Rumored / Private
Disclosure:
OSVDB Verified
|
|
Technical |
This BSD TCP/IP Reset vulnerability differs from some other reset vulnerabilities because of the flawed platform interpretation of sequence numbers, not a lack of acknowledgment number checking.
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, FreeBSD and OpenBSD released patches to address this vulnerability.
|
|
Products |
|
FreeBSD
 |
2.2.0 |
2.2.3 |
2.2.4 |
2.2.5 |
2.2.6 |
2.2.1 |
2.2.2 |
2.2.7 |
2.2.7-RELEASE |
2.2.7-STABLE |
|
OpenBSD
|
2.0 |
2.1 |
2.2 |
2.3 |
2.4 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
