
Vulnerability in FreeBSD
Cyber security news 2014: Denial of service in FreeBSD
Vulnerability revealed in all supported branches of FreeBSD
The flaw allows an attacker to reset a TCP connection by sending a specially crafted packet.
A vulnerability (CVE-2004-0230) has been discovered in all versions of the FreeBSD network operating system. The flaw allows an attacker to reset a TCP connection by sending a TCP packet that contains a bogus IP address. To carry out the attack, it was enough for cybercriminals just to know the numbers of active ports.
Vulnerability: Denial of service in FreeBSD
Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2004-0230
• Attack vector: Remote
• Impact: Denial of service
• Affected products: FreeBSD 9.x, FreeBSD 10.x, FreeBSD 8.4
• Affected versions: FreeBSD 10.1, FreeBSD 9.3, FreeBSD 8.4
Description:
The vulnerability allows a remote user to cause a denial of service.
The vulnerability is caused by an error in the implementation of the TCP protocol stack. A remote user can reset a TCP connection by sending specially crafted packets.
Solution: Install the latest version from the manufacturer’s website.
Manufacturer URL: http://www.freebsd.org/
Link: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc