FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Infinite loop in SACK handling

Affected systems
5.4 < FreeBSD < 5.4_11
5.3 < FreeBSD < 5.3_26

Details

VuXML ID dfb71c00-9d44-11da-8c1d-000e0c2e438a
Discovery 2006-02-01
Entry 2006-02-14
Modified 2006-06-09

Problem description:

When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop.

Impact:

By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service.

Workaround:

On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to disable the use of SACK:

# sysctl net.inet.tcp.sack.enable=0

No workaround is available for FreeBSD 5.3.

References

CVE Name CVE-2006-0433
FreeBSD Advisory SA-06:08.sack