Reference: CERT-EU Security Advisory 2014-0045

Title: FreeBSD Security Advisory.

Version history:
13.05.2014 Initial publication

Summary
=======
When network packets making up a TCP stream ("TCP segments") are received out of sequence, the destination system keeps them in a reassembly queue until they can be re-ordered and re-assembled.

An attacker who can send a series of specifically crafted packets with a connection could cause a denial of service situation by causing the kernel to crash.[1]

CVE number: CVE-2014-3000

CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:M/AU:N/C:P/I:N/A:C) [2]

Affected Platform
=================
FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2.

Technical details
=================
FreeBSD may add a reassembly queue entry that lives on the stack into the segment list when the reassembly queue reaches its limit. The stack memory holding that entry is undefined after the function returns, yet subsequent iterations of the reassembly function will attempt to access the entry. [1]

What can you do?
================
There is an update from the provider.[1]

More information
[1] http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3000

Best regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
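
The defect class described under "Technical details", shown as an added user-space model that is not FreeBSD kernel code and not part of the original advisory: a flawed insert that links a stack entry once the queue is full, beside a hardened insert that only ever links heap entries. The names `seg`, `reassq`, `reass_insert`, `reass_insert_vuln`, `reass_bytes` and the value of `QLIMIT` are assumptions made for illustration, and dropping the segment at the limit is one safe policy chosen here, not a description of the vendor's patch.

```c
/* Simplified model, not FreeBSD code; all names and QLIMIT are constructed. */
#include <stddef.h>
#include <stdlib.h>

#define QLIMIT 4                       /* constructed queue limit */
struct seg { unsigned seq, len; struct seg *next; };
struct reassq { struct seg *head; int count; };

/* Link e into q, keeping the list ordered by sequence number. */
static void link_sorted(struct reassq *q, struct seg *e)
{
    struct seg **pp = &q->head;
    while (*pp && (*pp)->seq < e->seq) pp = &(*pp)->next;
    e->next = *pp; *pp = e;
    q->count++;
}

#ifdef SHOW_VULNERABLE                 /* flawed form, not compiled by default */
/* At the limit a stack entry is linked, so q outlives the memory it points to. */
int reass_insert_vuln(struct reassq *q, unsigned seq, unsigned len)
{
    struct seg tmp;                    /* valid only until this function returns */
    struct seg *e = q->count >= QLIMIT ? &tmp : malloc(sizeof *e);
    if (e == NULL) return -1;
    e->seq = seq; e->len = len;
    link_sorted(q, e);                 /* BUG when e == &tmp: dangling list node */
    return 0;
}
#endif

/* Hardened form: only heap entries are linked; at the limit the segment is dropped. */
int reass_insert(struct reassq *q, unsigned seq, unsigned len)
{
    if (q->count >= QLIMIT) return -1; /* never borrow stack storage for the list */
    struct seg *e = malloc(sizeof *e);
    if (e == NULL) return -1;
    e->seq = seq; e->len = len;
    link_sorted(q, e);
    return 0;
}

/* A later pass over the queue, as reassembly performs for each new segment. */
unsigned reass_bytes(const struct reassq *q)
{
    unsigned total = 0;
    for (const struct seg *s = q->head; s; s = s->next)
        total += s->len;
    return total;
}
```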