FreeBSD TCP/IP SACK Infinite Loop DoS

2006-02-01T00:00:00
ID OSVDB:22861
Type osvdb
Reporter Scott Wood()
Modified 2006-02-01T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when system memory is insufficient to permit the SACK (Selective Acknowledgement) extension to the TCP/IP protocol to properly handle an incoming selective acknowledgement. A malicious attacker can send a series of specially crafted packets to trigger this condition, resulting in a loss of availability for the platform.

Solution Description

Upgrade to version 5-STABLE or to the RELENG_5_4 or RELENG_5_3 security branch dated after the correction date, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch from FreeBSD or by implementing the following workaround:

sysctl net.inet.tcp.sack.enable=0

Short Description

FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when system memory is insufficient to permit the SACK (Selective Acknowledgement) extension to the TCP/IP protocol to properly handle an incoming selective acknowledgement. A malicious attacker can send a series of specially crafted packets to trigger this condition, resulting in a loss of availability for the platform.

References:

Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch Vendor Specific Solution URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch.asc Vendor Specific Advisory URL Security Tracker: 1015566 Secunia Advisory ID:18696 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0009.html CVE-2006-0433