From owner-freebsd-net@FreeBSD.ORG Wed Feb 25 23:43:28 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3459116A4CE; Wed, 25 Feb 2004 23:43:28 -0800 (PST) Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 71EF443D3F; Wed, 25 Feb 2004 23:43:27 -0800 (PST) (envelope-from helge.oldach@atosorigin.com) Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net [194.8.96.68])i1Q7hQUF099565 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 26 Feb 2004 08:43:26 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: from galaxy.hbg.de.ao-srv.com (galaxy.hbg.de.ao-srv.com [161.89.20.4])ESMTP id i1Q7hPgX028291; Thu, 26 Feb 2004 08:43:25 +0100 (CET) (envelope-from helge.oldach@atosorigin.com) Received: (from hmo@localhost) by galaxy.hbg.de.ao-srv.com (8.9.3p2/8.9.3/hmo30mar03) id IAA18903; Thu, 26 Feb 2004 08:43:25 +0100 (MET) Message-Id: <200402260743.IAA18903@galaxy.hbg.de.ao-srv.com> In-Reply-To: <20040218220230.GF47727@madman.celabo.org> from "Jacques A. Vidrine" at "Feb 18, 2004 11: 2:30 pm" To: nectar@freebsd.org (Jacques A. Vidrine) Date: Thu, 26 Feb 2004 08:43:24 +0100 (MET) From: Helge Oldach X-Address: Atos Origin GmbH, Friesenstraße 13, D-20097 Hamburg, Germany X-Phone: +49 40 7886 7464, Fax: +49 40 7886 9464, Mobile: +49 160 4782517 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: security-team@freebsd.org cc: freebsd-net@freebsd.org Subject: Re: Fwd: [is this mbuf problem real?] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 07:43:28 -0000 All, maybe someone can comment on the status of this alert? There have been some comments about fixing it on freebsd-net@ but I haven't seen a CVS log - or I just missed it. Thanks. Helge Jacques A. Vidrine: >Does anyone have time to investigate? I will try to get more >information from iDEFENSE. > >Cheers, >-- >Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / >nectar@freebsd.org > >----- Forwarded message from Baby Peanut ----- > >Date: Wed, 18 Feb 2004 06:21:25 -0800 (PST) >From: Baby Peanut >To: freebsd-security@freebsd.org >Subject: is this mbuf problem real? >Message-ID: <20040218142125.49433.qmail@web41902.mail.yahoo.com> > >BM_207650 >MEDIUM >Vulnerability >Version: 1 2/18/2004@03:47:29 GMT >Initial report > >ID#207650: >FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability >(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS) >vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers >to launch a DoS attack. > >By sending many out-of-sequence packets, a low bandwidth denial of >service attack is possible against FreeBSD. When the targeted system >runs out of memory buffers (mbufs), it is no longer able to accept or >create new connections. > > >Analysis: (iDEFENSE US) Exploitation of this vulnerability requires >that the targeted system has at least one open TCP port. > >The DoS will last until the port is closed, either by the attacker or >the target machine. > >Detection: iDEFENSE has confirmed this vulnerability exists in FreeBSD >5.1 (default install from media). It is expected that it also exists >in earlier versions. > >Exploit: iDEFENSE has proof of concept exploit code demonstrating the >impact of this vulnerability. > > >Vulnerability Types: Design Error - Denial of Service >Prevalence and Popularity: Almost always >Evidence of Active Exploitation or Probing: No known exploitation or >spike in probing >Ease of Exploitation: Remotely Exploitable >Existence and Availability of Exploit Code: An Exploit exists and is >closely traded. >Vulnerability Consequence: Availability > >__________________________________ >Do you Yahoo!? >Yahoo! Mail SpamGuard - Read only the mail you want. >http://antispam.yahoo.com/tools >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > >----- End forwarded message ----- > >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >