FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- ipsec crash or denial of service

Affected packages
11.1 <= FreeBSD-kernel < 11.1_9
10.4 <= FreeBSD-kernel < 10.4_8
10.3 <= FreeBSD-kernel < 10.3_29

Details

VuXML ID c0c5afef-38db-11e8-8b7f-a4badb2f469b
Discovery 2018-04-04
Entry 2018-04-05

Problem Description:

The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero: the count is then incremented by zero, which causes an infinite loop.

In addition there are pointer/offset mistakes in the handling of IPv4 options.
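
The zero-length stall described above, as an added example that is not FreeBSD's code or the committed fix: a generic option walker that advances by the length field only, beside a bounds-checked one. The 2-byte type/length header, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_HDR_LEN 2   /* assumed layout: 1-byte type, 1-byte length */

/* Constructed sample buffers (not captured traffic). */
const uint8_t zero_len_opts[] = { 0x01, 0x00, 0x02, 0x00 };
const uint8_t good_opts[]     = { 0x01, 0x02, 0xaa, 0xbb, 0x02, 0x00 };
const uint8_t overrun_opt[]   = { 0x01, 0x05, 0xaa };

/* Defect as described: the cursor advances by the length field only, which
 * excludes the header. max_steps stands in for the unbounded loop so this
 * demo terminates. Returns 1 if the walk stalled, 0 otherwise. */
int walk_stalls(const uint8_t *buf, size_t len, unsigned max_steps)
{
    size_t off = 0;
    unsigned steps = 0;

    while (off + OPT_HDR_LEN <= len) {
        if (++steps > max_steps)
            return 1;                 /* an unbounded loop would spin here */
        off += buf[off + 1];          /* length 0: cursor never moves */
    }
    return 0;
}

/* Hardened walk: each step advances by header plus payload, and the payload
 * must fit in what remains. Returns the option count, or -1 if malformed. */
int walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < OPT_HDR_LEN)
            return -1;                /* truncated header */
        size_t optlen = buf[off + 1];
        if (optlen > len - off - OPT_HDR_LEN)
            return -1;                /* payload runs past the buffer */
        off += OPT_HDR_LEN + optlen;  /* always >= 2, so the loop ends */
        count++;
    }
    return count;
}
```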

Impact:

A remote attacker who is able to send an arbitrary packet could cause the remote target machine to crash.

References

CVE Name CVE-2018-6918
FreeBSD Advisory SA-18:05.ipsec