
Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue



forwarded 778367 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243
tags 778367 + moreinfo
thanks

Hi,

Michael Gilbert wrote:
> Note that the versions mentioned in the advisory are really old
> (freebsd 5.4), but unfortunately there aren't enough details yet to
> actually check.

There are barely any details at all:

http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000134.html

It is an "issue in the handling of the TCP session timer, which may
lead to a denial-of-service".

"When a specially crafted packet from a malicious server is received,
a condition where client resources are not released may occur".

https://jvn.jp/en/jp/JVN07930208/index.html

"This JVN publication was delayed to 2014/11/21 after developer fixes
were developed";  only a few proprietary systems are mentioned as
'not vulnerable'.

On the day of publication, the FreeBSD bug was opened by a third party
with still no additional details.  It doesn't seem that JVN notified
OpenBSD either.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

