FreeBSD < 10.3-RELEASE-p19 / 11.0 < 11.0-RELEASE-p10 ipfilter Kernel Module Packet Fragment DoS (FreeBSD-SA-17:04.ipfilter)

high Nessus Plugin ID 99994

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The version of the FreeBSD kernel running on the remote host is prior to 10.3-RELEASE-p19 or 11.0 prior to 11.0-RELEASE-p10. It, therefore, affected by a use-after-free error in the ipfilter kernel module (ipl.ko) due to freeing the wrong entry in a hash table when matching packet fragments are processed. An unauthenticated, remote attacker can exploit this issue, via specially crafted packet fragments, to cause a panic and reboot, resulting in a denial of service condition.

Note that this issue only affects hosts with ipfilter enabled and the 'keep state' or 'keep frags' rule options enabled.

Solution

Upgrade to FreeBSD version 10.3-RELEASE-p19 / 11.0-RELEASE-p10 or later. Alternatively, apply the patch referenced in the advisory.

See Also

http://www.nessus.org/u?e471fb57

Plugin Details

Severity: High

ID: 99994

File Name: freebsd_sa-17-04_ipfilter.nasl

Version: 1.8

Type: local

Published: 5/5/2017

Updated: 12/7/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2017-1081

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 4/27/2017

Vulnerability Publication Date: 4/27/2017

Reference Information

CVE: CVE-2017-1081

BID: 98089