FreeBSD : FreeBSD -- Resource exhaustion in TCP reassembly (0cb9d5bb-600a-11e6-a6c3-14dae9d210b8)

Medium Nessus Plugin ID 92891


The remote FreeBSD host is missing one or more security-related updates.


There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. Impact : An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition.

As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 92891

File Name: freebsd_pkg_0cb9d5bb600a11e6a6c314dae9d210b8.nasl

Version: $Revision: 2.3 $

Type: local

Published: 2016/08/12

Modified: 2018/02/20

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P


Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Patch Publication Date: 2016/08/11

Vulnerability Publication Date: 2015/07/28

Reference Information

CVE: CVE-2015-1417

FreeBSD: SA-15:15.tcp