Resource exhaustion in FreeBSD - CVE-2018-6922
Published: August 7, 2018 / Updated: July 28, 2019
Vulnerability identifier: #VU14203
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-6922
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FreeBSD
FreeBSD
Software vendor:
FreeBSD Foundation
FreeBSD Foundation
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to the system uses an inefficient TCP reassembly algorithm. A remote attacker can send specially crafted packets within ongoing TCP sessions to consume excessive CPU resources and cause the service to crash.
Remediation
As a workaround, system administrators should configure their systems to only accept TCP connections from trusted end-stations, if it is possible to do so.
For systems which must accept TCP connections from untrusted end-stations, the workaround is to limit the size of each reassembly queue. The capability to do that is added by the patches noted in the "Solution" section below.
For systems which must accept TCP connections from untrusted end-stations, the workaround is to limit the size of each reassembly queue. The capability to do that is added by the patches noted in the "Solution" section below.