Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue
From: Michael Gilbert <mgilbert@debian.org>
Date: Fri, 13 Feb 2015 23:08:45 -0500
Message-id: <[🔎] CANTw=MNJFVDzt+xyxWt2ip4Fk4taWNHpFT0NmdDORowNFjEeTA@mail.gmail.com>
Reply-to: Michael Gilbert <mgilbert@debian.org>, 778367@bugs.debian.org

package: src:kfreebsd-10
severity: important
tags: security

Hi,

the following vulnerability was published for kfreebsd-10.

CVE-2014-7250[0]:
| The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly
| 2.0, and OpenBSD possibly 3.6, does not properly implement the session
| timer, which allows remote attackers to cause a denial of service
| (resource consumption) via crafted packets.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-7250

Note that the versions mentioned in the advisory are really old
(freebsd 5.4), but unfortunately there aren't enough details yet to
actually check.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Processed: your mail
Next by Date: Bug#684072: CVE-2011-2393
Previous by thread: Processed: your mail
Next by thread: Bug#778367: kfreebsd-10: CVE-2014-7250 resource consumption issue
Index(es):
- Date
- Thread