FreeBSD : FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state (0c064c43-600a-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

TCP connections transitioning to the LAST_ACK state can become
permanently stuck due to mishandling of protocol state in certain
situations, which in turn can lead to accumulated consumption and
eventual exhaustion of system resources, such as mbufs and sockets.

Impact : An attacker who can repeatedly establish TCP connections to a
victim system (for instance, a Web server) could create many TCP
connections that are stuck in LAST_ACK state and cause resource
exhaustion, resulting in a denial of service condition. This may also
happen in normal operation where no intentional attack is conducted,
but an attacker who can send specifically crafted packets can trigger
this more reliably.
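
One way to watch for the accumulation described above, as an added example that is not part of the plugin or the FreeBSD advisory: compare two saved netstat snapshots and list the connections that are in LAST_ACK in both. The function name, the file layout and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list TCP connections that are in
# LAST_ACK in two netstat snapshots taken some time apart. A healthy socket
# leaves LAST_ACK quickly, so an entry in both snapshots is a stuck candidate.
# On a live FreeBSD host the snapshots would come from: netstat -an -p tcp

# persistent_last_ack OLD NEW (hypothetical helper):
# print "local foreign" pairs that are in LAST_ACK in both snapshot files.
persistent_last_ack() {
    awk '$1 ~ /^tcp/ && $NF == "LAST_ACK" {
             key = $4 " " $5
             if (FILENAME == ARGV[1]) seen[key] = 1      # older snapshot
             else if (key in seen) print key             # still there later
         }' "$1" "$2" | sort -u
}

# Constructed sample snapshots (documentation address ranges, not real data).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/t0" <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          198.51.100.7.51514     LAST_ACK
tcp4       0      0 192.0.2.10.80          198.51.100.7.51515     LAST_ACK
tcp4       0      0 192.0.2.10.80          203.0.113.9.40022      LAST_ACK
tcp4       0      0 192.0.2.10.22          203.0.113.5.61000      ESTABLISHED
EOF
cat > "$SAMPLE_DIR/t1" <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          198.51.100.7.51514     LAST_ACK
tcp4       0      0 192.0.2.10.80          198.51.100.7.51515     LAST_ACK
tcp4       0      0 192.0.2.10.80          198.51.100.20.33001    LAST_ACK
tcp4       0      0 192.0.2.10.22          203.0.113.5.61000      ESTABLISHED
EOF

# Two of the three LAST_ACK rows from t0 are still present in t1.
persistent_last_ack "$SAMPLE_DIR/t0" "$SAMPLE_DIR/t1"
```

A growing list across successive snapshots on an unpatched host matches the resource-exhaustion pattern in the description; a single persistent entry is only a candidate.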

See also :

http://www.nessus.org/u?f308e480

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92889

CVE ID: CVE-2015-5358
