FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- TCP MD5 signature denial of service

Affected packages
10.2 <= FreeBSD-kernel < 10.2_9
10.1 <= FreeBSD-kernel < 10.1_26
9.3 <= FreeBSD-kernel < 9.3_33
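
To check a host against the ranges above, the following sh functions compare a kernel version string, such as the output of `freebsd-version -k`, with them. This is an added example, not part of the VuXML entry or the FreeBSD advisory; it assumes that VuXML's `10.2_9` notation corresponds to `10.2-RELEASE-p9`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the VuXML entry). Assumption: VuXML "X.Y_N" == X.Y-RELEASE-pN.
# Affected ranges from this entry, one per line: "<branch> <first fixed patch level>".
AFFECTED_RANGES="10.2 9
10.1 26
9.3 33"

# Print "<branch> <patch>" for a -RELEASE version string; plain -RELEASE is patch 0.
# Returns 1 for anything else (e.g. -STABLE, -CURRENT), which this check cannot judge.
parse_kernel_version() {
    case "$1" in
        *-RELEASE-p*) branch=${1%%-RELEASE-p*}; patch=${1##*-RELEASE-p} ;;
        *-RELEASE)    branch=${1%-RELEASE}; patch=0 ;;
        *)            return 1 ;;
    esac
    case "$patch" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s %s\n' "$branch" "$patch"
}

# Exit status: 0 = in an affected range, 1 = not in a listed range, 2 = unparseable.
is_affected() {
    parsed=$(parse_kernel_version "$1") || return 2
    branch=${parsed% *}; patch=${parsed#* }
    while read -r abranch fixed; do
        if [ "$branch" = "$abranch" ] && [ "$patch" -lt "$fixed" ]; then
            return 0
        fi
    done <<EOF
$AFFECTED_RANGES
EOF
    return 1
}

# On a FreeBSD host, report on the installed kernel (freebsd-version -k).
if command -v freebsd-version >/dev/null 2>&1; then
    kver=$(freebsd-version -k)
    rc=0; is_affected "$kver" || rc=$?
    case $rc in
        0) echo "$kver: in an affected range for CVE-2016-1882" ;;
        1) echo "$kver: not in a range listed in this entry" ;;
        *) echo "$kver: not a -RELEASE version, check manually" ;;
    esac
fi
```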

Details

VuXML ID 79dfc135-600a-11e6-a6c3-14dae9d210b8
Discovery 2016-01-14
Entry 2016-08-11

Problem Description:

A programming error in processing a TCP connection that has both the TCP_MD5SIG and TCP_NOOPT socket options set may lead to a kernel crash.

Impact:

A local attacker can crash the kernel, resulting in a denial of service.

A remote attack is theoretically possible if the server has a listening socket with TCP_NOOPT set and the server is either out of SYN cache entries or has the SYN cache disabled by configuration.

References

CVE Name CVE-2016-1882
FreeBSD Advisory SA-16:05.tcp