JVN#20930118
FreeBSD vulnerable to denial-of-service (DoS)
Overview
FreeBSD contains a denial-of-service (DoS) vulnerability.
Products Affected
- FreeBSD versions prior to 7.0
Description
FreeBSD contains a denial-of-service (DoS) vulnerability (CWE-400) due to improper handling of TSopt on TCP connections.
Impact
A remote attacker may be able to cause a denial-of-service (DoS) condition.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
This vulnerability was fixed in 2006 September 25 by the following FreeBSD commit.
- commit 4dc630cdd2f7a790604d2724ecb19c6aa95130a7
- Author: John-Mark Gurney <jmg@FreeBSD.org>
- Date: Mon Sep 25 07:22:39 2006 +0000
Vendor Status
| Vendor | Link |
| FreeBSD | The FreeBSD Project |
| commit 4dc630cdd2f7a790604d2724ecb19c6aa95130a7 |
References
JPCERT/CC Addendum
This JVN publication was delayed to 2022/6/15 after the developer's fix was published.
This vulnerability was reported to IPA in 2006. JPCERT/CC then started to coordinate with the developers, but the coordination had been delayed for a long time after that.
In April 2022, the developer contacted JPCERT/CC that the vulnerability had been fixed on September 25, 2006, and JPCERT/CC resumed coordination with the developer for the JVN publication, leading to this publication.
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2022-32264 |
| JVN iPedia |
JVNDB-2022-000045 |