ISS X-Force Database: bsd-ip-fragments-dos(6636): NetBSD bogus fragmented IPv4 packets denial of service

NetBSD bogus fragmented IPv4 packets denial of service

bsd-ip-fragments-dos (6636)

Medium Risk

Description:

NetBSD is vulnerable to a denial of service attack, caused by a vulnerability in the IPv4 implementation. A remote attacker can send a large amount of bogus fragmented IPv4 packets to prevent the NetBSD node from communication with other nodes.

Note: This vulnerability also affects the Quantum Snap Server 4100, which uses a BSD-based operating system as its underlying operating system.

Platforms Affected:

FreeBSD, FreeBSD 3.0
FreeBSD, FreeBSD 3.1
FreeBSD, FreeBSD 3.2
FreeBSD, FreeBSD 3.3
FreeBSD, FreeBSD 3.4
FreeBSD, FreeBSD 3.5
FreeBSD, FreeBSD 4.0
NetBSD, NetBSD 1.4
NetBSD, NetBSD 1.5
Quantum, Quantum Snap Server 4100

Remedy:

For NetBSD-current before April 17, 2001: Upgrade to the latest version of NetBSD (NetBSD-current dated April 17, 2001 or later), as listed in NetBSD Security Advisory 2001-006. See References. For NetBSD 1.5.x before April 24, 2001: Upgrade to the latest version of NetBSD (NetBSD 1.5.x dated April 24, 2001 or later), as listed in NetBSD Security Advisory 2001-006. See References.

Consequences:

Denial of Service

References:

BugTraq Mailing List, Thu May 30 2002 - 03:45:09 CDT, 2 security problem Quantum SNAP server at http://archives.neohapsis.com/archives/bugtraq/2002-05/0268.html.
FreeBSD Security Advisory FreeBSD-SA-01:52, Denial of service using fragmented IPv4 packets at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc.
NetBSD Security Advisory 2001-006, Denial of service using bogus fragmented IPv4 packets at http://archives.neohapsis.com/archives/bugtraq/2001-05/0286.html.
BID-2799: Multiple BSD Vendor IP Fragment Queue Resource Exhaustion Vulnerability
BID-4894: Quantum Snap Server Denial of Service Vulnerability
CVE-2001-0710: NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.

Reported:

May 29, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page