[SECURITY-L] OpenBSD: TCP reassembly DoS
CSIRT - UNICAMP
security em unicamp.br
Qua Mar 10 10:06:52 -03 2004
----- Forwarded message from Rafael R Obelheiro <rro em das.ufsc.br> -----
From: Rafael R Obelheiro <rro em das.ufsc.br>
Subject: [S] OpenBSD: TCP reassembly DoS
To: seguranca em pangeia.com.br
Date: Tue, 9 Mar 2004 13:22:19 -0300
Organization: DAS-UFSC
----- Forwarded message from Markus Friedl <markus em openbsd.org> -----
Date: Tue, 9 Mar 2004 13:50:49 +0100
From: Markus Friedl <markus em openbsd.org>
Subject: TCP reassembly DoS
To: security-announce em openbsd.org
OpenBSD's TCP/IP stack did not impose limits on how many out-of-order
TCP segments are queued in the system.
If an attacker was allowed to connect to an open TCP port, he could send
out-of-order TCP segments and trick the system into using all available
memory buffers. Packet handling would be impaired, and new connections
would fail until the the attacking TCP connection is closed.
The problem is fixed in -current, 3.4-stable and 3.3-stable.
Patches are available at:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/013_tcp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/018_tcp.patch
----- End forwarded message -----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L