Source: Zoomlion
Released on: 2006-01-27
Updated on: 2006-01-27
Affected Systems:
FreeBSD 6.0-STABLE
FreeBSD 6.0-RELEASE
FreeBSD 5.4
FreeBSD 5.3
OpenBSD current
OpenBSD 3.8
OpenBSD 3.7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 16375
CVE (CAN) ID: CVE-2006-0381
OpenBSD is an open-source Unix operating system.
A remote attacker can exploit this vulnerability to cause a denial of service on the server.
Remote attackers may cause a kernel crash by sending specially crafted fragmented packets.
<* Source: Jakob Schlyter
Daniel Hartmeier
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
FreeBSD
-------
FreeBSD has released a security advisory (FreeBSD-SA-06:07) and patches for this issue:
FreeBSD-SA-06:07: IP fragment handling panic in pf(4)
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc
Patch download:
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch.asc
OpenBSD
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104