Multiple BSD pf Crafted IP Fragment Ruleset DoS

2006-01-25T00:00:00
ID OSVDB:22732
Type osvdb
Reporter Jakob Schlyter (jakob@openbsd.org), Daniel Hartmeier (dhartmei@openbsd.org)
Modified 2006-01-25T00:00:00

Description

Vulnerability Description

Packet Filter (PF) contains a flaw that may allow a remote denial of service. The issue is caused by a logic bug in the IP fragment cache that may result in a packet fragment being inserted twice, violating a kernel invariant. This will result in loss of availability for the platform.

Solution Description

Upgrade to FreeBSD version 5-STABLE or 6-STABLE, or to the RELENG_6_0, RELENG_5_4, or RELENG_5_3 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch to address this vulnerability.

OpenBSD has released a patch to address this vulnerability.

It is also possible to avoid the flaw by implementing the following workaround: do not use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules on systems running pf.
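
To apply the workaround, a ruleset can be checked for the two affected options. The sh function below is an added example, not part of the advisory or of the vendor patches; the name pf_scrub_check and the simplified comment handling (everything after '#' is dropped) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag pf.conf scrub rules that use the fragment options named
# in the workaround ('fragment crop' and 'fragment drop-ovl').
#
# pf_scrub_check FILE
#   Prints "FILE:LINE: rule" for each affected rule (LINE is where the rule
#   starts). Returns 1 if any were found, 0 if none, 2 if FILE is unreadable.
pf_scrub_check() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v file="$1" '
        function check(rule, padded) {
            gsub(/[ \t]+/, " ", rule)         # collapse runs of whitespace
            sub(/^ /, "", rule); sub(/ $/, "", rule)
            padded = " " rule " "             # lets us match whole words
            if (padded ~ /^ scrub / && padded ~ / fragment (crop|drop-ovl) /) {
                printf "%s:%d: %s\n", file, start, rule
                found = 1
            }
        }
        {
            line = $0
            sub(/#.*/, "", line)              # assumption: "#" always starts a comment
            if (buf == "") start = NR         # first line of a new rule
            if (line ~ /\\[ \t]*$/) {         # trailing backslash: rule continues
                sub(/\\[ \t]*$/, " ", line)
                buf = buf line
                next
            }
            check(buf line)
            buf = ""
        }
        END { if (buf != "") check(buf); exit (found ? 1 : 0) }
    ' "$1"
}

# Stand-alone use: sh pf_scrub_check.sh /etc/pf.conf
if [ "$#" -gt 0 ]; then
    pf_scrub_check "$1"
fi
```

Rules using 'fragment reassemble' are not reported, since the workaround names only the crop and drop-ovl options.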

References:

Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch
Vendor Specific Solution URL: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104
Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch.asc
Vendor Specific Advisory URL
Security Tracker: 1015542
Secunia Advisory ID: 18609
Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0401.html
Keyword: FreeBSD-SA-06:07.pf
CVE-2006-0381
Bugtraq ID: 16375