Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue

forwarded 778367 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243
tags 778367 + moreinfo


Michael Gilbert wrote:
> Note that the versions mentioned in the advisory are really old
> (freebsd 5.4), but unfortunately there aren't enough details yet to
> actually check.

There are barely any details at all:


It is an "issue in the handling of the TCP session timer, which may
lead to a denial-of-service".

"When a specially crafted packet from a malicious server is received,
a condition where client resources are not released may occur".


"This JVN publication was delayed to 2014/11/21 after developer fixes
were developed";  only a few proprietary systems are mentioned as
'not vulnerable'.

On the day of publication, the FreeBSD bug was opened by a third party
with still no additional details.  It doesn't seem that JVN notified
OpenBSD either.

Steven Chamberlain

