FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ipfw -- IP fragment denial of service

Affected systems
6.0 <= FreeBSD < 6.0_2


VuXML ID d7c1d00d-9d2e-11da-8c1d-000e0c2e438a
Discovery 2006-01-11
Entry 2006-02-14
Modified 2006-06-09

Problem description:

The firewall keeps a pointer to the packet's layer 4 (transport) header so that, when a packet is discarded by a reset, reject or unreach rule, it can send the corresponding TCP reset or ICMP error message. Because IP fragments are handled incorrectly, this pointer is never initialized for fragmented packets, yet it is still used when such a reply is generated.

Impact:

An attacker can crash the firewall by sending fragmented ICMP packets to or through a firewall whose ruleset matches them with a reset, reject or unreach action. Rules using only allow, deny or other actions that send no reply are not affected.

Workaround:

Change every reset, reject or unreach action in the ruleset to deny. Note that matching packets are then silently discarded instead of being answered with a TCP reset or ICMP error.
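The following script is an added example, not part of the advisory or the FreeBSD source tree. It audits a saved ipfw ruleset (text in the format printed by `ipfw list`) for the three actions named above, shows the same ruleset with those actions replaced by deny, and emits the `ipfw delete` / `ipfw add` commands that apply the workaround to a running firewall. The rule numbers, interfaces and addresses in SAMPLE_RULES are constructed sample data.

```sh
#!/bin/sh
# Added example (not from the advisory): audit a saved ipfw ruleset for the
# actions affected by SA-06:04 and generate the deny workaround. The rules
# below are constructed sample output in the format of `ipfw list`.

SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8 in
00300 reset tcp from any to me dst-port 23
00400 unreach port udp from any to me dst-port 137-139
00500 reject ip from 10.0.0.0/8 to any in via em0
00600 deny ip from any to any'

# Print the numbers of rules whose action (the field after the rule number)
# is reset, reject or unreach.
affected_rules() {
    printf '%s\n' "$1" | awk '$2 == "reset" || $2 == "reject" || $2 == "unreach" { print $1 }'
}

# Print the ruleset with every affected action replaced by deny. "unreach" is
# followed by an ICMP code token (port, host, 3, ...) that must be dropped as
# well; reset and reject take no argument, so the body starts at field 3.
deny_rewrite() {
    printf '%s\n' "$1" | awk '
        $2 == "reset" || $2 == "reject" || $2 == "unreach" {
            first = ($2 == "unreach") ? 4 : 3
            out = $1 " deny"
            for (i = first; i <= NF; i++) out = out " " $i
            $0 = out
        }
        { print }'
}

# Print the ipfw commands that apply the workaround on a live system: delete
# each affected rule, then re-add the same match under the same number as deny.
workaround_commands() {
    printf '%s\n' "$1" | awk '
        $2 == "reset" || $2 == "reject" || $2 == "unreach" {
            first = ($2 == "unreach") ? 4 : 3
            rest = ""
            for (i = first; i <= NF; i++) rest = rest " " $i
            print "ipfw delete " $1
            print "ipfw add " $1 " deny" rest
        }'
}

# Stand-alone run: `sh audit-ipfw.sh --demo` shows what would change. Replace
# SAMPLE_RULES with "$(ipfw list)" on the firewall itself.
if [ "${1:-}" = "--demo" ]; then
    echo "Affected rules:"
    affected_rules "$SAMPLE_RULES"
    echo
    echo "Workaround commands:"
    workaround_commands "$SAMPLE_RULES"
fi
```

The rewrite keeps each rule's number and match body intact and only swaps the action, so rule ordering and the rest of the policy are unchanged; the only behavioural difference is the one the advisory notes, that matching packets are dropped silently rather than answered.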


CVE Name CVE-2006-0054
FreeBSD Advisory SA-06:04.ipfw