FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Denial of Service in TCP packet processing

Affected packages
10.0 <= FreeBSD-kernel < 10.0_9
9.3 <= FreeBSD-kernel < 9.3_2
9.2 <= FreeBSD-kernel < 9.2_12
9.1 <= FreeBSD-kernel < 9.1_19
8.4 <= FreeBSD-kernel < 8.4_16

Details

VuXML ID 729c4a9f-6007-11e6-a6c3-14dae9d210b8
Discovery 2014-09-16
Entry 2016-08-11

Problem Description:

When a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.

Impact:

An attacker who can spoof IP traffic can tear down a TCP connection by sending only 2 packets if they know both TCP port numbers. If one of the two port numbers is unknown, a successful attack requires fewer than 2**17 spoofed packets, which can be generated in less than a second on a decent connection to the Internet.
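As an added illustration of the bypassed check (this is not FreeBSD's kernel code; the `struct tcb` fields and function names are hypothetical), the following C model contrasts the behaviour the advisory describes with one that applies the RFC 793 sequence-window test before acting on a SYN for an established connection:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Modular comparisons (cf. BSD SEQ_LT/SEQ_GEQ); correct across 32-bit wrap. */
#define SEQ_LT(a, b)  ((int32_t)((a) - (b)) < 0)
#define SEQ_GEQ(a, b) ((int32_t)((a) - (b)) >= 0)

/* Hypothetical, minimal receive-side state of an established connection. */
struct tcb {
    uint32_t rcv_nxt;     /* next sequence number expected from the peer */
    uint32_t rcv_wnd;     /* receive window currently advertised */
    bool     established;
};

/* RFC 793 acceptability test: seg_seq in [rcv_nxt, rcv_nxt + rcv_wnd)? */
static bool seq_in_window(const struct tcb *tp, uint32_t seg_seq)
{
    return SEQ_GEQ(seg_seq, tp->rcv_nxt) &&
           SEQ_LT(seg_seq, tp->rcv_nxt + tp->rcv_wnd);
}

/* Behaviour the advisory describes: a SYN on an established connection
 * tears it down without consulting the sequence number at all. */
static bool on_syn_vulnerable(struct tcb *tp, uint32_t seg_seq)
{
    (void)seg_seq;            /* the bypassed check */
    tp->established = false;
    return true;              /* connection torn down */
}

/* Window check restored: an out-of-window SYN is dropped, so a blind
 * spoofer must also land inside rcv_wnd out of 2^32 sequence numbers.
 * (RFC 5961 goes further and answers in-window SYNs with a challenge ACK.) */
static bool on_syn_checked(struct tcb *tp, uint32_t seg_seq)
{
    if (!seq_in_window(tp, seg_seq))
        return false;         /* dropped; connection survives */
    tp->established = false;
    return true;
}

int main(void)
{
    struct tcb a = { 1000, 65535, true }, b = a;  /* constructed sample state */
    printf("vulnerable: torn down=%d\n", on_syn_vulnerable(&a, 7));
    printf("checked:    torn down=%d\n", on_syn_checked(&b, 7));
    return 0;
}
```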

References

CVE Name CVE-2004-0230
FreeBSD Advisory SA-14:19.tcp