A new security advisory has been released by the FreeBSD team that affects all versions of the operating system.
I. Background
The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service. When network packets making up a TCP stream (“TCP
segments”) are received out-of-sequence, they are maintained in a
reassembly queue by the destination system until they can be re-ordered
and re-assembled.
II. Problem Description
FreeBSD does not limit the number of TCP segments that may be held in a
reassembly queue.
III. Impact
A remote attacker may conduct a low-bandwidth denial-of-service attack
against a machine providing services based on TCP (there are many such
services, including HTTP, SMTP, and FTP). By sending many
out-of-sequence TCP segments, the attacker can cause the target machine
to consume all available memory buffers (“mbufs”), likely leading to
a system crash.
They supply patches for FreeBSD 4.8, 4.9 and 5.2 and you can either apply those and rebuild just the kernel or upgrade your world to recent releases.
