Notification: New Vulnerability in FreeBSD – September 17, 2014

Posted: September 17, 2014 in Vulnerability News

Cyber security news 2014: Denial of service in FreeBSD

A vulnerability has been disclosed in all supported branches of FreeBSD.

The flaw allows an attacker to reset a TCP connection by sending a specially crafted packet.

A vulnerability (CVE-2004-0230) has been discovered in all versions of the FreeBSD network operating system. The flaw allows an attacker to reset a TCP connection by sending a TCP packet that contains a bogus IP address. To carry out attacks, cybercriminals only needed to know the numbers of the active ports.

Vulnerability: Denial of service in FreeBSD

Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2004-0230

• Attack vector: Remote
• Impact: Denial of service

• Affected products: FreeBSD 9.x, FreeBSD 10.x, FreeBSD 8.4
• Affected versions: FreeBSD 10.1, FreeBSD 9.3, FreeBSD 8.4

Description:

The vulnerability allows a remote user to cause a denial of service.

The vulnerability is caused by an error in the implementation of the TCP protocol stack. A remote user can reset a TCP connection with the help of specially crafted packets.

Solution: Install the latest version from the manufacturer's website.


 

Manufacturer URL: http://www.freebsd.org/
Link: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc
