FreeBSD < 10.3-RELEASE-p19 / 11.0 < 11.0-RELEASE-p10 ipfilter Kernel Module Packet Fragment DoS (FreeBSD-SA-17:04.ipfilter)

High Nessus Plugin ID 99994


The remote FreeBSD host is missing a security-related update.


The version of the FreeBSD kernel running on the remote host is prior to 10.3-RELEASE-p19 or 11.0 prior to 11.0-RELEASE-p10. It is, therefore, affected by a use-after-free error in the ipfilter kernel module (ipl.ko) due to freeing the wrong entry in a hash table when matching packet fragments are processed. An unauthenticated, remote attacker can exploit this issue, via specially crafted packet fragments, to cause a panic and reboot, resulting in a denial of service condition.

Note that this issue only affects hosts with ipfilter enabled and the 'keep state' or 'keep frags' rule options enabled.


Upgrade to FreeBSD version 10.3-RELEASE-p19 / 11.0-RELEASE-p10 or later. Alternatively, apply the patch referenced in the advisory.

Plugin Details

Severity: High

ID: 99994

File Name: freebsd_sa-17-04_ipfilter.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2017/05/05

Modified: 2017/08/14

Dependencies: 12634

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.1

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/04/27

Vulnerability Publication Date: 2017/04/27

Reference Information

CVE: CVE-2017-1081

BID: 98089

OSVDB: 156574