FreeBSD : FreeBSD -- ipfilter(4) fragment handling panic (51d1282d-420e-11e7-82c5-14dae9d210b8)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

ipfilter(4), which is capable of stateful packet inspection when the 'keep
state' or 'keep frags' rule options are used, maintains not only the state
of connections, such as TCP streams or UDP communication, but also the
state of fragmented packets. When packet fragments are received, they are
cached in a hash table (and linked list). Each incoming fragment is
compared against the fragments already cached in the hash table. If no
match is found, a new entry is created in the hash table. If a match is
found, the wrong entry is freed: the one already in the hash table rather
than the new one. This results in a use-after-free panic (and, for a brief
moment before the panic, a memory leak, because the wrong entry was freed).

Impact : Carefully feeding fragments that an ipfilter(4) firewall allows
to pass can cause a panic, followed by a reboot loop, resulting in a
denial of service.

See also :

http://www.nessus.org/u?1765c7dd

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100497

CVE ID: CVE-2017-1081
