#VU14203 Resource exhaustion in FreeBSD - CVE-2018-6922

Cybersecurity Help s.r.o.

Published: 2018-08-07 | Updated: 2019-07-28

Vulnerability identifier: #VU14203

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-6922

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FreeBSD
Operating systems & Components / Operating system

Vendor: FreeBSD Foundation

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to the system uses an inefficient TCP reassembly algorithm. A remote attacker can send specially crafted packets within ongoing TCP sessions to consume excessive CPU resources and cause the service to crash.

Mitigation
As a workaround, system administrators should configure their systems to only accept TCP connections from trusted end-stations, if it is possible to do so.

For systems which must accept TCP connections from untrusted end-stations, the workaround is to limit the size of each reassembly queue. The capability to do that is added by the patches noted in the "Solution" section below.

Vulnerable software versions

FreeBSD: 5.3 - 11.1

External links
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in IBM AIX

Denial of service in Cisco products

Denial of service in FreeBSD