[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue

package: src:kfreebsd-10
severity: important
tags: security


the following vulnerability was published for kfreebsd-10.

| The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly
| 2.0, and OpenBSD possibly 3.6, does not properly implement the session
| timer, which allows remote attackers to cause a denial of service
| (resource consumption) via crafted packets.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-7250

Note that the versions mentioned in the advisory are really old
(freebsd 5.4), but unfortunately there aren't enough details yet to
actually check.

Best wishes,

Reply to: