FreeBSD -- routed(8) remote denial of service vulnerability

ID 734233F4-6007-11E6-A6C3-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2014-10-21T00:00:00


Problem Description: The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

Impact: Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.
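
The mismatch described above can be closed on the input side by checking the query source against the connected networks before any response is built. The following is an added example, not code from routed(8) or the FreeBSD patch; the structure, function names and interface table are hypothetical, and the addresses are constructed documentation ranges.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a routing daemon's interface table (hypothetical,
 * not routed(8)'s real structures). Addresses are in host byte order. */
struct iface {
    uint32_t addr;   /* interface address */
    uint32_t mask;   /* netmask */
};

/* Constructed sample: 192.0.2.1/24 and 198.51.100.1/25 */
static const struct iface ifaces[] = {
    { 0xC0000201u, 0xFFFFFF00u },
    { 0xC6336401u, 0xFFFFFF80u },
};
#define NIFACES (sizeof(ifaces) / sizeof(ifaces[0]))

/* Return the interface whose network contains src, or NULL when src is
 * not on any directly connected network. */
static const struct iface *iface_for(uint32_t src)
{
    for (size_t i = 0; i < NIFACES; i++)
        if ((src & ifaces[i].mask) == (ifaces[i].addr & ifaces[i].mask))
            return &ifaces[i];
    return NULL;
}

enum verdict { ANSWER, DROP };

/* Input-path check: decide before a response is built. An off-link query
 * is discarded, so the output path is never entered with a destination
 * that violates its "directly connected" assumption. */
static enum verdict handle_query(uint32_t src)
{
    if (iface_for(src) == NULL)
        return DROP;     /* remote query: ignore and keep running */
    return ANSWER;       /* on-link: output-path precondition holds */
}

int main(void)
{
    /* 192.0.2.55 is on-link; 203.0.113.9 is not. */
    printf("%d %d\n", handle_query(0xC0000237u), handle_query(0xCB007109u));
    return 0;
}
```

The design point is that the daemon treats an unexpected network input as something to discard, rather than letting it reach an assertion that terminates the process.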