[VU:962459] TCP implementations vulnerable to Denial of Service

Severity High

CVEs 2

Overview

The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets.

Impact

An remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.

Solution

Apply a patch
Patches for the Linux kernel are available to address the vulnerability. Patches for FreeBSD are available to address the vulnerability.

Acknowledgements

Thanks to Juha-Matti Tilli(Aalto University,Department of Communications and Networking/Nokia Bell Labs)for reporting these vulnerabilities.

ID

VU:962459

Severity

high

Severity from

CVE-2018-5390

URL

https://kb.cert.org/vuls/id/962459

Published

2018-08-06T17:11:53
(6 years ago)

Modified

2018-09-14T19:29:12
(6 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
			https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e
			https://www.spinics.net/lists/netdev/msg514742.html
			https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date