Vulnerabilities > CVE-2002-0518 - Denial Of Service vulnerability in Freebsd 4.5

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

freebsd

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 4.5	2

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc
http://www.iss.net/security_center/static/8873.php
http://www.iss.net/security_center/static/8875.php
http://www.osvdb.org/6046
http://www.securityfocus.com/bid/4524