#VU18846 Resource exhaustion in FreeBSD - CVE-2019-5599

Published: June 19, 2019


Vulnerability identifier: #VU18846
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5599
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
FreeBSD
Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in how the RACK ("Recent ACKnowledgment") TCP loss detection stack processes acknowledgements. RACK keeps per-connection state in several linked lists; a remote attacker can send a stream of specially crafted TCP acknowledgements that makes those lists grow without bound, so every subsequent packet on the connection triggers an increasingly expensive list traversal.

Successful exploitation results in a denial of service (degraded network performance and excessive CPU consumption on the affected host). It requires a kernel built with RACK support (the TCP_RACK kernel option, which is not part of the default kernel) and connections that actually use the RACK stack rather than the default FreeBSD stack.
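Because exposure hinges on whether the kernel was built with RACK and whether connections use it, the first thing a practitioner wants is a quick triage of a host. The script below is an added example for this advisory, not FreeBSD's own tooling: it classifies a host from the two real sysctls `net.inet.tcp.functions_available` and `net.inet.tcp.functions_default`. The column layout of the sample sysctl output is an assumption modelled on FreeBSD 12 and is constructed here so the logic runs offline; the code relies only on the first column (the stack name).

```shell
#!/bin/sh
# Added example for this advisory, not FreeBSD's own tooling: decide whether a
# host is exposed to CVE-2019-5599 from the TCP-stack sysctls. The bug lives in
# the RACK stack, which is only present when the kernel was built with the
# TCP_RACK option, so exposure depends on (1) whether "rack" is listed in
# net.inet.tcp.functions_available and (2) whether it is the default stack in
# net.inet.tcp.functions_default. The sysctl output below is constructed so the
# logic runs offline on any POSIX sh; the column layout is an assumption based
# on FreeBSD 12 output and only the first column (the stack name) is used.

# rack_status STACKS DEFAULT
#   STACKS:  text of `sysctl -n net.inet.tcp.functions_available`
#   DEFAULT: text of `sysctl -n net.inet.tcp.functions_default`
# Prints one of: not-built, built-not-default, default.
rack_status() {
    stacks=$1
    default=$2
    # The stack name is the first column of every row; the header row's first
    # column is "Stack", so a plain equality test on $1 is enough.
    if ! printf '%s\n' "$stacks" | awk '$1 == "rack" { found = 1 } END { exit !found }'; then
        echo not-built
        return 0
    fi
    if [ "$default" = "rack" ]; then
        echo default
    else
        echo built-not-default
    fi
}

# rack_exposed STACKS DEFAULT -> exit 0 when the kernel must be patched.
# A kernel that ships the RACK stack is exposed even when it is not the
# default: any process can select RACK for its own sockets with
# setsockopt(TCP_FUNCTION_BLK), and those connections then process the
# crafted acknowledgements the advisory describes.
rack_exposed() {
    case $(rack_status "$1" "$2") in
        not-built) return 1 ;;
        *)         return 0 ;;
    esac
}

# Constructed sample output (not captured from a real host).
SAMPLE_GENERIC='Stack                           D Alias                            PCB count
freebsd                         * freebsd                          12'
SAMPLE_RACK_BUILT='Stack                           D Alias                            PCB count
freebsd                         * freebsd                          12
rack                              rack                             0'

printf 'GENERIC kernel, default freebsd:  %s\n' "$(rack_status "$SAMPLE_GENERIC" freebsd)"
printf 'TCP_RACK kernel, default freebsd: %s\n' "$(rack_status "$SAMPLE_RACK_BUILT" freebsd)"
printf 'TCP_RACK kernel, default rack:    %s\n' "$(rack_status "$SAMPLE_RACK_BUILT" rack)"

# On a FreeBSD host, run against the live sysctls instead:
#   rack_status "$(sysctl -n net.inet.tcp.functions_available)" \
#               "$(sysctl -n net.inet.tcp.functions_default)"
```

A host that reports `not-built` is running the default stack only and is outside the scope of this advisory; anything else should have its kernel patch level (`freebsd-version -k`) compared against the level named in the vendor advisory, since the RACK stack is part of the kernel rather than a separately updatable module.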

Remediation

Install updates from the vendor's website. Only kernels built with the TCP_RACK option are affected, so confirm first whether the host offers the RACK stack at all; the fix is in the kernel, so the updated kernel must be installed and the system rebooted.

External links