VAR-200403-0072
Vulnerability from variot - Updated: 2024-05-28 18:13FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers (mbufs) on the destination system resulting in a denial-of-service condition. FreeBSD of FreeBSD Unspecified vulnerabilities exist in products from multiple vendors.None. A problem in the handling of out-of-sequence packets has been identified in BSD variants such as FreeBSD and OpenBSD. Because of this, it may be possible for remote attackers to deny service to legitimate users of vulnerable systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200403-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freebsd",
"scope": "eq",
"trust": 1.9,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.9,
"vendor": "freebsd",
"version": "4.6.2"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.4"
},
{
"model": "openbsd",
"scope": "eq",
"trust": 1.3,
"vendor": "openbsd",
"version": "3.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": "openbsd",
"scope": null,
"trust": 0.8,
"vendor": "openbsd",
"version": null
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.25"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.24"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.23"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "6.5.22"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.10"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.9"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.6"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "firewall server",
"scope": "eq",
"trust": 0.3,
"vendor": "borderware",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395670"
},
{
"db": "BID",
"id": "9792"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Cuttergo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2004-0171",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0171",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#395670",
"trust": 0.8,
"value": "6.83"
},
{
"author": "CNNVD",
"id": "CNNVD-200403-072",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395670"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers (mbufs) on the destination system resulting in a denial-of-service condition. FreeBSD of FreeBSD Unspecified vulnerabilities exist in products from multiple vendors.None. A problem in the handling of out-of-sequence packets has been identified in BSD variants such as FreeBSD and OpenBSD. Because of this, it may be possible for remote attackers to deny service to legitimate users of vulnerable systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0171"
},
{
"db": "CERT/CC",
"id": "VU#395670"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "BID",
"id": "9792"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0171",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#395670",
"trust": 3.2
},
{
"db": "BID",
"id": "9792",
"trust": 2.7
},
{
"db": "OSVDB",
"id": "4124",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712",
"trust": 0.8
},
{
"db": "APPLE",
"id": "APPLE-SA-2004-05-28",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20040302 FREEBSD MEMORY BUFFER EXHAUSTION DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "FREEBSD",
"id": "FREEBSD-SA-04:04",
"trust": 0.6
},
{
"db": "XF",
"id": "15369",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200403-072",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395670"
},
{
"db": "BID",
"id": "9792"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"id": "VAR-200403-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4615448
},
"last_update_date": "2024-05-28T18:13:33.411000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.idefense.com/application/poi/display?id=78\u0026type=vulnerabilities"
},
{
"trust": 2.4,
"url": "ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-04:04.tcp.asc"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/395670"
},
{
"trust": 2.4,
"url": "http://lists.seifried.org/pipermail/security/2004-may/003743.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/9792"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15369"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/4124"
},
{
"trust": 0.8,
"url": "https://ialert.idefense.com/kodetails.jhtml?irid=207650"
},
{
"trust": 0.8,
"url": "http://www.ietf.org/rfc/rfc793.txt"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0171"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15369"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/products/firewall.php"
},
{
"trust": 0.3,
"url": "http://www.freebsd.org/"
},
{
"trust": 0.3,
"url": "http://docs.freebsd.org/cgi/getmsg.cgi?fetch=97407+0+/usr/local/www/db/text/2004/freebsd-net/20040222.freebsd-net"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org"
},
{
"trust": 0.3,
"url": "http://www.borderware.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395670"
},
{
"db": "BID",
"id": "9792"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395670"
},
{
"db": "BID",
"id": "9792"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-04T00:00:00",
"db": "CERT/CC",
"id": "VU#395670"
},
{
"date": "2004-03-02T00:00:00",
"db": "BID",
"id": "9792"
},
{
"date": "2024-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"date": "2004-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"date": "2004-03-15T05:00:00",
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-03-04T00:00:00",
"db": "CERT/CC",
"id": "VU#395670"
},
{
"date": "2009-07-12T03:06:00",
"db": "BID",
"id": "9792"
},
{
"date": "2024-05-27T02:21:00",
"db": "JVNDB",
"id": "JVNDB-2004-000712"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200403-072"
},
{
"date": "2017-10-10T01:30:18.673000",
"db": "NVD",
"id": "CVE-2004-0171"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreeBSD fails to limit number of TCP segments held in reassembly queue",
"sources": [
{
"db": "CERT/CC",
"id": "VU#395670"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200403-072"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…