Published: 2004-03-15 00:00:00
Last revised: 2008-09-05 16:37:43

[Original] FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

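[CNNVD] FreeBSD Out-of-Sequence Packet Remote Denial of Service Vulnerability (CNNVD-200403-072)

        When an out-of-sequence TCP packet is received, the target system places it in a reassembly queue for reassembly and reordering. Because FreeBSD does not limit the number of TCP segments held in the reassembly queue, a remote attacker can use relatively little bandwidth to mount a denial-of-service attack against a machine running TCP-based services. By sending many out-of-sequence TCP segments, an attacker can make the target machine consume a large number of memory buffers (``mbufs'') and crash the system.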
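
The missing bound described above, as an added example (a constructed model, not FreeBSD's code or its patch): a per-connection reassembly queue that holds out-of-order segments, with a `cap` field where 0 reproduces the unbounded behaviour and a non-zero value drops further out-of-order segments once the queue is full. All names are hypothetical, and overlap trimming between segments is omitted.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed model of a per-connection TCP reassembly queue (hypothetical names). */
struct seg { uint32_t seq, len; struct seg *next; };
struct conn {
    uint32_t rcv_nxt;   /* next in-order sequence number expected */
    struct seg *q;      /* out-of-order segments, sorted by seq */
    unsigned qlen;      /* segments currently queued */
    unsigned cap;       /* 0 = unbounded (the vulnerable behaviour) */
    unsigned dropped;   /* segments refused because the queue was full */
};

/* Deliver every queued segment that has become contiguous with rcv_nxt. */
static void drain(struct conn *c) {
    while (c->q && c->q->seq == c->rcv_nxt) {
        struct seg *s = c->q;
        c->rcv_nxt += s->len; c->q = s->next; c->qlen--;
        free(s);
    }
}

/* Returns 1 if the segment was delivered or queued, 0 if ignored or dropped. */
int tcp_input(struct conn *c, uint32_t seq, uint32_t len) {
    if (seq == c->rcv_nxt) {               /* in order: deliver, never queued */
        c->rcv_nxt += len;
        drain(c);
        return 1;
    }
    if ((int32_t)(seq - c->rcv_nxt) < 0) return 0;   /* already-received data */
    if (c->cap && c->qlen >= c->cap) {     /* the limit the description says is missing */
        c->dropped++;
        return 0;                          /* a real sender would retransmit */
    }
    struct seg **pp = &c->q;
    while (*pp && (int32_t)((*pp)->seq - seq) < 0) pp = &(*pp)->next;
    if (*pp && (*pp)->seq == seq) return 0;          /* duplicate */
    struct seg *s = malloc(sizeof *s);
    if (!s) return 0;
    s->seq = seq; s->len = len; s->next = *pp;
    *pp = s; c->qlen++;
    return 1;
}

/* Feed n one-byte segments that each leave a gap, so none can be delivered;
 * returns the resulting queue depth (one buffer held per byte received). */
unsigned fill_with_gaps(struct conn *c, unsigned n) {
    for (unsigned i = 0; i < n; i++) tcp_input(c, c->rcv_nxt + 2 + 2 * i, 1);
    return c->qlen;
}
```

Because in-order segments bypass the queue, a capped connection still makes forward progress while full; only further out-of-order data is refused.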

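- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected platforms and products)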

cpe:/o:freebsd:freebsd:5.1  FreeBSD 5.1
cpe:/o:openbsd:openbsd:3.4  OpenBSD 3.4
cpe:/o:openbsd:openbsd:3.3  OpenBSD 3.3
cpe:/o:freebsd:freebsd:4.9  FreeBSD 4.9
cpe:/o:freebsd:freebsd:4.6.2  FreeBSD 4.6.2
cpe:/o:freebsd:freebsd:5.0  FreeBSD 5.0
cpe:/o:freebsd:freebsd:4.7  FreeBSD 4.7
cpe:/o:freebsd:freebsd:4.8  FreeBSD 4.8
cpe:/o:freebsd:freebsd:5.2  FreeBSD 5.2

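- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources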
(VENDOR_ADVISORY)  IDEFENSE  20040302 FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(VENDOR_ADVISORY)  XF  freebsd-mbuf-dos(15369)

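- Vulnerability information

FreeBSD Out-of-Sequence Packet Remote Denial of Service Vulnerability
Medium severity  Other
2004-03-15 00:00:00 2005-05-13 00:00:00
        When an out-of-sequence TCP packet is received, the target system places it in a reassembly queue for reassembly and reordering. Because FreeBSD does not limit the number of TCP segments held in the reassembly queue, a remote attacker can use relatively little bandwidth to mount a denial-of-service attack against a machine running TCP-based services. By sending many out-of-sequence TCP segments, an attacker can make the target machine consume a large number of memory buffers (``mbufs'') and crash the system.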

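- Advisories and patches

        FreeBSD-SA-04:04: many out-of-sequence TCP packets denial-of-service
        1) Upgrade the vulnerable system to 4-STABLE, or to _5_2, RELENG_4_9 or RELENG_4_8 dated after the correction date
        2) Patch the current system:
        The following patches have been verified to apply to FreeBSD 4.x and 5.x systems.
        a) Download the relevant patch from the location below and verify the accompanying PGP signature using a PGP tool.
        [FreeBSD 5.2]
        # fetch
        # fetch
        [FreeBSD 4.8, 4.9]
        # fetch
        # fetch
        b) Apply the patch
        # cd /usr/src
        # patch < /path/to/patch
        c) Following the procedure described in >, re-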

- Vulnerability information

Multiple BSD mbufs Out-of-Sequence TCP Packet DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability description

FreeBSD and OpenBSD contain a flaw that may allow a remote denial of service. The issue is triggered when multiple out-of-sequence TCP packets are sent, and will result in loss of availability for the platform.

- Timeline

2004-03-02 2004-01-22
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the FreeBSD Project and OpenBSD have released patches to address this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

BSD Out Of Sequence Packets Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 9792
Yes No
2004-03-02 12:00:00 2009-07-12 03:06:00
Vulnerability discovery credited to Alexander Cuttergo.

- Affected program versions

SGI IRIX 6.5.25
SGI IRIX 6.5.24
SGI IRIX 6.5.23
SGI IRIX 6.5.22
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD 3.3
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
F5 BigIP 4.5.11
F5 BigIP 4.5.10
F5 BigIP 4.5.9
F5 BigIP 4.5.6
F5 BigIP 4.5
F5 BigIP 4.4
F5 BigIP 4.3
F5 BigIP 4.2
F5 BigIP 2.1
F5 BigIP 2.0
F5 3-DNS 4.6.2
F5 3-DNS 4.6
F5 3-DNS 4.5
F5 3-DNS 4.4
F5 3-DNS 4.3
F5 3-DNS 4.2
BorderWare Firewall Server 7.0

- Discussion

A problem in the handling of out-of-sequence packets has been identified in BSD variants such as FreeBSD and OpenBSD. Because of this, it may be possible for remote attackers to deny service to legitimate users of vulnerable systems.

- Exploit

It has been stated that exploits for this issue exist in the wild. However, there are currently no publicly available exploits.

- Solution

Fixes for certain FreeBSD revisions have been made available to correct this issue.

SGI has released an advisory (20040905-01-P) and updates dealing with this issue for affected IRIX platforms. Customers are advised to see the referenced advisory for further information regarding obtaining and applying appropriate updates.

BorderWare has released patches dealing with this issue for their Firewall Server product. Please contact the vendor for more information and details on obtaining the patch.

F5 BIG-IP and 3-DNS are also reportedly affected by this issue. Customers with AskF5 access may find instructions on obtaining and applying patches at the following location:

F5 customers may also contact for further details.

Patches have also been made available for OpenBSD.

OpenBSD OpenBSD 3.3

OpenBSD OpenBSD 3.4

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9

FreeBSD FreeBSD 5.2

SGI IRIX 6.5.22

SGI IRIX 6.5.23

SGI IRIX 6.5.24

SGI IRIX 6.5.25

- Related references