diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-16:05.tcp.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-16:05.tcp.asc | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/share/security/advisories/FreeBSD-SA-16:05.tcp.asc b/share/security/advisories/FreeBSD-SA-16:05.tcp.asc deleted file mode 100644 index 8035177ba4..0000000000 --- a/share/security/advisories/FreeBSD-SA-16:05.tcp.asc +++ /dev/null @@ -1,129 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-16:05.tcp Security Advisory - The FreeBSD Project - -Topic: TCP MD5 signature denial of service - -Category: core -Module: kernel -Announced: 2016-01-14 -Credits: Ryan Stone, - Jonathan T. Looney -Affects: All supported versions of FreeBSD. -Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) - 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) - 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) - 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) - 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) -CVE Name: CVE-2016-1882 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -The Transmission Control Protocol (TCP) of the TCP/IP protocol suite -provides a connection-oriented, reliable, sequence-preserving data -stream service. An optional extension to TCP described in RFC 2385 allows -protecting data streams against spoofed packets with MD5 signature. - -Support for TCP MD5 signatures is not enabled in default kernel. - -II. Problem Description - -A programming error in processing a TCP connection with both TCP_MD5SIG -and TCP_NOOPT socket options may lead to kernel crash. - -III. Impact - -A local attacker can crash the kernel, resulting in a denial-of-service. - -A remote attack is theoretically possible, if server has a listening -socket with TCP_NOOPT set, and server is either out of SYN cache entries, -or SYN cache is disabled by configuration. - -IV. Workaround - -No workaround is available, but installations running a default kernel, -or a custom kernel without TCP_SIGNATURE option are not vulnerable. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -System reboot is required. - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-16:05/tcp.patch -# fetch https://security.FreeBSD.org/patches/SA-16:05/tcp.patch.asc -# gpg --verify tcp.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/9/ r293898 -releng/9.3/ r293896 -stable/10/ r293897 -releng/10.1/ r293894 -releng/10.2/ r293893 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1882> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc> ------BEGIN PGP SIGNATURE----- - -iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnrWcQAN+QX6wEvC7FkTXyX2LHFWas -CVOI/KkxkHSVwYMMScmorG27OxDsHTkvrGfqyVbYDczmC5NY+AorMiZMoo7CHn5J -gYmS8NZvBPeMKmFt45lBTBDnKT6mOvHBz6UPhyyHruvR6VZ2h3fyLqYzbMKcy12i -Onmk/nm3vgrqOCmnqYQN8Xo2v2x4KcKU3/jegK+pdfOwd9Q1bmxzBWwFx8yc7pZ0 -3YItalkiMsuRppSuNS9fGoRSoB/Ybf/8pu6SDnhvJnw4CIRGAl3IDKpBanB7F/9E -sofcI499s+uyOHPY8TrQ62L4UjteEukwaV8EJh6vPaLm3pns0cSURzKczgytTH3G -Nz9GcI3hYdfbXRBgJvwtZv9JY5s3ZtPiqqTwHta7AdplXwiOJJ1Ylso5lZ4beiJh -q7Sv+YMJr9cNfnYmSGv33rKN4hdae7XfJm+Ipde4bpgCLFpKkb/aQaGxGlowjDaW -0C77qCg+se3TzwGl0A7ClEq4dLaadTsiShQCpZGQOgc6Wgz9QUBGxU811e3KQHLo -3XQgxGSB9+3d7YiK/ZNkzi8d89VXMgUOx4HoOZ7+SkVBg1+qpbiYnk8VJjLmXyOz -dPtDbzWG68wluWcSc7TD5yIYx2Lw4E9ZMWzh2boOxEWrcd9mxCUPiU9nsF+PIAPG -kTcLnX0+iXijpKMnQpgP -=UjjC ------END PGP SIGNATURE----- |