Input validation error in FreeBSD

#VU41196 Input validation error in FreeBSD

Published: 2014-10-27 | Updated: 2020-08-10

Vulnerability identifier: #VU41196

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3955

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FreeBSD
Operating systems & Components / Operating system

Vendor: FreeBSD Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FreeBSD: 8.4 - 10.1

External links
http://secunia.com/advisories/61865
http://www.securitytracker.com/id/1031099
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:21.routed.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in FreeBSD