Release date:
Updated on:
Affected Systems:
FreeBSD <9.2 p5
FreeBSD <9.1 p12
FreeBSD <8.4 p9
FreeBSD <8.3 p16
FreeBSD <10.0 p2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67153
CVE (CAN) ID: CVE-2014-3000
FreeBSD is a UNIX operating system and an important branch of Unix developed from BSD, javasbsd, and 4.4BSD.
In FreeBSD 8.3, 8.4, 9.1, 9.2, 10.0, and earlier versions, the TCP reorganization function of the inet module has a security vulnerability that allows remote attackers to use multiple specially crafted data packets, this vulnerability can cause denial of service or read system memory.
A simple tutorial on Rsync synchronization on FreeBSD 8
FreeBSD8.2 system installation Salt
Create FreeBSD system custom installation ISO
FreeBSD builds NAT and configures multiple VLANs on a single Nic
FreeBSD + Windows dual-system installation
<* Source: Jonathan Looney
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-14:08.tcp.asc
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
FreeBSD
-------
FreeBSD has released a Security Bulletin (FreeBSD-SA-14: 08.tcp) and patches for this:
FreeBSD-SA-14: 08.tcp: TCP reassembly vulnerability
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-14:08.tcp.asc
This article permanently updates the link address: