Lucene search

FreeBSDD7C1D00D-9D2E-11DA-8C1D-000E0C2E438A

HistoryJan 11, 2006 - 12:00 a.m.

ipfw -- IP fragment denial of service

2006-01-1100:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Problem description:
The firewall maintains a pointer to layer 4 header
information in the event that it needs to send a TCP reset
or ICMP error message to discard packets. Due to incorrect
handling of IP fragments, this pointer fails to get
initialized.
Impact:
An attacker can cause the firewall to crash by sending ICMP
IP fragments to or through firewalls which match any reset,
reject or unreach actions.
Workaround:
Change any reset, reject or unreach actions to deny. It
should be noted that this will result in packets being
silently discarded.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd= 6.0UNKNOWN
FreeBSDanynoarchfreebsd< 6.0_2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freebsd	= 6.0	UNKNOWN
FreeBSD	any	noarch	freebsd	< 6.0_2	UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for D7C1D00D-9D2E-11DA-8C1D-000E0C2E438A