FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- routed(8) remote denial of service vulnerability

Affected packages
10.1 <= FreeBSD < 10.1_17
9.3 <= FreeBSD < 9.3_22

Details

VuXML ID 0d584493-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-08-05
Entry 2016-08-11

Problem Description:

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

Impact:

Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.

References

CVE Name CVE-2015-5674
FreeBSD Advisory SA-15:19.routed