FreeBSD < 10.3-RELEASE-p19 / 11.0 < 11.0-RELEASE-p10 ipfilter Kernel Module Packet Fragment DoS (FreeBSD-SA-17:04.ipfilter)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The version of the FreeBSD kernel running on the remote host is prior
to 10.3-RELEASE-p19 or 11.0 prior to 11.0-RELEASE-p10. It is, therefore,
affected by a use-after-free error in the ipfilter kernel module
(ipl.ko) due to freeing the wrong entry in a hash table when matching
packet fragments are processed. An unauthenticated, remote attacker
can exploit this issue, via specially crafted packet fragments, to
cause a panic and reboot, resulting in a denial of service condition.

Note that this issue only affects hosts with ipfilter enabled and the
'keep state' or 'keep frags' rule options enabled.
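
The two conditions above (a release below the fixed patch level, and ipfilter rules using 'keep state' or 'keep frags') can be checked together. The following is an added example, not the Nessus plugin's code; the function names and verdict strings are hypothetical, and the sample rules are constructed.

```sh
#!/bin/sh
# Added example, not Nessus plugin code; thresholds are the ones on this page.
# Returns 0 if the version is below the fixed levels, 1 if at or above them,
# 2 if it is not an "X.Y-RELEASE[-pN]" string (the page gives no threshold).
version_is_affected() {
    case "$1" in
        *.*-RELEASE|*.*-RELEASE-p*) ;;
        *) return 2 ;;
    esac
    base=${1%%-*}; major=${base%%.*}; minor=${base#*.}
    case "$1" in *-p*) patch=${1##*-p} ;; *) patch=0 ;; esac
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    if [ "$major" -lt 10 ]; then return 0; fi
    if [ "$major" -eq 10 ]; then
        if [ "$minor" -lt 3 ]; then return 0; fi
        if [ "$minor" -eq 3 ] && [ "$patch" -lt 19 ]; then return 0; fi
    fi
    if [ "$major" -eq 11 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 10 ]; then
        return 0
    fi
    return 1
}

# Returns 0 if any non-comment rule on stdin uses 'keep state' or 'keep frags'.
rules_keep_state_or_frags() {
    grep -v '^[[:space:]]*#' | grep -Eq 'keep[[:space:]]+(state|frags)'
}

# $1 = version string, $2 = ipf rule listing; prints one verdict word.
assess() {
    rc=0
    version_is_affected "$1" || rc=$?
    case "$rc" in
        1) echo "patched"; return ;;
        2) echo "unknown-version"; return ;;
    esac
    if printf '%s\n' "$2" | rules_keep_state_or_frags; then
        echo "exposed"
    else
        echo "unpatched-no-stateful-rules"
    fi
}

# Constructed sample rules (not from a real host).
SAMPLE_RULES='pass in quick on em0 proto tcp from any to any port = 22 keep state
block in all'
assess "10.3-RELEASE-p18" "$SAMPLE_RULES"   # prints: exposed
```

On a FreeBSD host the two inputs would come from `freebsd-version -k` and, as root, `ipfstat -io`.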

See also :

http://www.nessus.org/u?e471fb57

Solution :

Upgrade to FreeBSD version 10.3-RELEASE-p19 / 11.0-RELEASE-p10 or
later. Alternatively, apply the patch referenced in the advisory.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 99994

Bugtraq ID: 98089

CVE ID: CVE-2017-1081
