FreeBSD-SA-26:06.tcp - remote DoS

Hi,

I was wondering why we don't see more online coverage of FreeBSD-SA-26:06.tcp

III. Impact

If an attacker is either on path with an established TCP connection, or can
themselves establish a TCP connection, to an affected FreeBSD machine, they
can easily craft and send packets which meet the challenge ACK criteria and
cause the FreeBSD host to leak an mbuf for each crafted packet in excess of
the configured rate limit settings i.e. with default settings, crafted packets
in excess of the first 5 sent within a 1s period will leak an mbuf.

To me this reads as if you just need to flood a system with TCP packets that trigger the challenge ACK to DoS it within seconds. Any system with sshd, http(s) or any other tcp service exposed to the world is vulnerable. Did I get this right? Pretty serious! Why is this not talked about more?
 
Sure. Just wondering why this doesn't show up anywhere. Serious software vulnerabilities normally are on tech news sites and blogs. So I was wondering if my understanding is wrong (not instant DoS) or if it is really basically ignored by the crowd.
 
Hi,

I was wondering why we don't see more online coverage of FreeBSD-SA-26:06.tcp

To me this reads as if you just need to flood a system with TCP packets that trigger the challenge ACK to DoS it within seconds. Any system with sshd, http(s) or any other tcp service exposed to the world is vulnerable. Did I get this right?

I would say, just try it out.

After all it's only a DoS, and I'm wondering anyway what makes the difference between a DoS, or software failing due to coding sloppiness, or software failing due to installing an exploitable bug disguised as a fix.
 
