This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The version of the FreeBSD kernel running on the remote host is prior
to 10.3-RELEASE-p19 or 11.0 prior to 11.0-RELEASE-p10. It, therefore,
affected by a use-after-free error in the ipfilter kernel module
(ipl.ko) due to freeing the wrong entry in a hash table when matching
packet fragments are processed. An unauthenticated, remote attacker
can exploit this issue, via specially crafted packet fragments, to
cause a panic and reboot, resulting in a denial of service condition.
Note that this issue only affects hosts with ipfilter enabled and the
'keep state' or 'keep frags' rule options enabled.
See also :
Upgrade to FreeBSD version 10.3-RELEASE-p19 / 11.0-RELEASE-p10 or
later. Alternatively, apply the patch referenced in the advisory.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true