J-Security Center

Title: FreeBSD IPFW IP Fragment Remote Denial Of Service Vulnerability

Severity: MODERATE

Description:

FreeBSD IPFW is a packet filtering firewall that is integrated into the operating system's kernel.

FreeBSD's IPFW is susceptible to a remote denial of service vulnerability. This issue is due to a flaw in affected kernels that results in an uninitialized kernel memory access when handling ICMP IP fragments.

This issue presents itself when the firewall is configured to use the 'reset', 'reject', or 'unreach' firewall actions. When IPFW is required to generate TCP reset or ICMP error messages while discarding network packets, it references a pointer to the layer 4 header information of the packet that caused the reply to be generated. When handling IP fragments, the pointer to the header information fails to be properly initialized, resulting in a kernel crash when creating the reply packet.

This issue allows remote attackers to crash affected kernels, denying further network service to legitimate users.
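A ruleset audit for the three firewall actions named above, as an added example that is not part of the original advisory: it parses text in the format printed by plain `ipfw list` and reports the rules whose action is `reset`, `reject`, or `unreach`. The sample ruleset and the function names are constructed for illustration.

```python
# Actions that make ipfw build a TCP RST or ICMP error reply for a discarded packet.
REPLY_ACTIONS = {"reset", "reject", "unreach"}

# Constructed sample in the format printed by `ipfw list` (not from a real host).
SAMPLE_RULESET = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 check-state
00400 reset tcp from any to me dst-port 113
00500 set 2 unreach port log logamount 50 udp from any to me
00600 prob 0.5 reject ip from any to me
00700 allow tcp from any to me dst-port 22 setup keep-state
65535 deny ip from any to any
"""


def rule_action(line):
    """Return (rule_number, action) for one `ipfw list` line, or None."""
    tokens = line.split()
    if not tokens or not tokens[0].isdigit():
        return None
    i = 1
    # Skip the optional "set N" and "prob P" prefixes that precede the action.
    while i + 1 < len(tokens) and tokens[i] in ("set", "prob"):
        i += 2
    if i >= len(tokens):
        return None
    return int(tokens[0]), tokens[i]


def find_reply_rules(ruleset_text):
    """List (number, action, line) for rules using reset, reject or unreach."""
    hits = []
    for line in ruleset_text.splitlines():
        parsed = rule_action(line)
        # Only the action position is checked, so the same word appearing
        # later in a rule body does not cause a false match.
        if parsed and parsed[1] in REPLY_ACTIONS:
            hits.append((parsed[0], parsed[1], line.strip()))
    return hits


if __name__ == "__main__":
    for number, action, line in find_reply_rules(SAMPLE_RULESET):
        print(f"rule {number}: '{action}' generates a reply packet -> {line}")
```

An empty result means no rule in the supplied listing uses the actions the advisory ties to the crash; listings produced with extra output flags (timestamps, dynamic rules) are outside what this parser assumes.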

Affected Products:

  • FreeBSD FreeBSD 6.0.0 -RELEASE
  • FreeBSD FreeBSD 6.0.0 -STABLE
