|
|
Info |
Last Modified |
| 8 months ago |
|
|
|
|
Description |
Certain BSD derived TCP/IP stacks contain a flaw that may allow a remote denial of service. The issue is triggered when a malicious user creates and sends a pair of malformed IP packets that are reassembled into an invalid UDP datagram. The invalid UDP datagram will cause the kernel to panic and crash, resulting in a loss of availability for the platform.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade BSD to version 4.0 or higher, as it has been reported to fix this vulnerability. In addition, BSDI has released a patch for some older versions.
Upgrade FreeBSD to version 3.0 or higher after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.
Upgrade OpenBSD to version 2.4 or higher after the correction date, as it has been reported to fix this vulnerability. In addition, OpenBSD has released a patch for some older versions.
|
|
Products |
|
FreeBSD
 |
1.x |
2.1.x |
2.0.x |
2.2.2 |
2.2.8 |
3.0-x |
|
BSD
|
3.1 |
|
OpenBSD
|
2.2 |
2.3 |
2.4 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
