In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2019/06/17/5 | Mailing List Third Party Advisory |
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md | Mitigation Third Party Advisory |
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 | Third Party Advisory |
https://seclists.org/bugtraq/2019/Jun/27 | Mailing List Mitigation Patch Third Party Advisory |
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc | Mitigation Vendor Advisory |
https://security.netapp.com/advisory/ntap-20190625-0004/ | Third Party Advisory |
https://support.f5.com/csp/article/K75521003 | Third Party Advisory |
https://www.kb.cert.org/vuls/id/905115 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: freebsd
Published: 2019-07-02T20:02:17
Updated: 2019-07-02T20:09:11
Reserved: 2019-01-07T00:00:00
Link: CVE-2019-5599
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-02T21:15:11.213
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-5599
JSON object: View
Redhat Information
No data.
CWE