Title: Multiple Vendor *BSD Denial of Service Vulnerability
Severity: LOW
Description:
A denial of service vulnerability affects FreeBSD, NetBSD and OpenBSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting the socket options that control the size of the send and receive buffers on a socketpair. By setting them to certain values and then performing a write of the same size as the value the options were set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding.
Details of why this happens have not been made available.
Affected Products:
- FreeBSD FreeBSD 3.1.0
- FreeBSD FreeBSD 3.2.0
- FreeBSD FreeBSD 3.3.0
- FreeBSD FreeBSD 3.4.0
- FreeBSD FreeBSD 4.0.0
- FreeBSD FreeBSD 5.0.0
- NetBSD NetBSD 1.4.1 Alpha
- NetBSD NetBSD 1.4.1 SPARC
- NetBSD NetBSD 1.4.1 x86
- NetBSD NetBSD 1.4.2 Alpha
- NetBSD NetBSD 1.4.2 SPARC
- NetBSD NetBSD 1.4.2 x86
- OpenBSD OpenBSD 2.5.0
- OpenBSD OpenBSD 2.6.0
- OpenBSD OpenBSD 2.7.0