Lucene search

FreeBSDDFB71C00-9D44-11DA-8C1D-000E0C2E438A

HistoryFeb 01, 2006 - 12:00 a.m.

FreeBSD -- Infinite loop in SACK handling

2006-02-0100:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.066 Low

EPSS

Percentile

93.8%

JSON

Problem description:
When insufficient memory is available to handle an
incoming selective acknowledgement, the TCP/IP stack may
enter an infinite loop.
Impact:
By opening a TCP connection and sending a carefully crafted
series of packets, an attacker may be able to cause a denial
of service.
Workaround:
On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to
disable the use of SACK:

sysctl net.inet.tcp.sack.enable=0

No workaround is available for FreeBSD 5.3.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd= 5.4UNKNOWN
FreeBSDanynoarchfreebsd< 5.4_11UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freebsd	= 5.4	UNKNOWN
FreeBSD	any	noarch	freebsd	< 5.4_11	UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.066 Low

EPSS

Percentile

93.8%

JSON

Related for DFB71C00-9D44-11DA-8C1D-000E0C2E438A