SecurityTracker.com
Category:   Application (Firewall)  >   Pf
Vendors:   OpenBSD
OpenBSD pf(4) Memory Access Flaw May Let Remote Users Crash the Application
SecurityTracker Alert ID:  1007917
SecurityTracker URL:  http://securitytracker.com/id/1007917
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 12 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the OpenBSD pf(4) packet filter. A remote user may be able to crash the application.

It is reported that the application may access memory that has already been freed. In one case, if active scrub rules are invoked, a remote user may be able to panic the pf application.

Impact:   A remote user may be able to cause the pf application to crash.
Solution:   The vendor has released the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch

Vendor URL:  www.openbsd.org/
Cause:   Resource error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.2, 3.3

Message History:   None.


 Source Message Contents

Subject:  OpenBSD pf(4)


 > SECURITY FIX: September 24, 2003
 >
 > Three cases of potential access to freed memory have been found in pf(4). At least one
 > of them could be used to panic pf with active scrub rules remotely.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/006_pfnorm.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/019_pfnorm.patch


 
 



Copyright 2021, SecurityGlobal.net LLC