In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE prior to 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an malicious user to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freebsd freebsd 12.0 |
Don't let miscreants play hacky-SACK with your gear. Apply these mitigations, patches now if you can
It is possible to crash vulnerable network-facing Linux servers, PCs, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper vulnerable FreeBSD machines with the same attack. Given that Linux powers an incredible amount of stuff these days, all sorts of gear from network or internet-connected TVs, routers, thermostats, light switches, CCTV cameras, and robot vacuum cleaners, to servers, PCs, smart fridges, phone...