Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Firewall)  >   Pf Vendors:   OpenBSD
OpenBSD pf(4) Memory Access Flaw May Let Remote Users Crash the Application
SecurityTracker Alert ID:  1007917
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 12 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the OpenBSD pf(4) packet filter. A remote user may be able to crash the application.

It is reported that the application may access memory that has already been freed. In one case, if active scrub rules are invoked, a remote user may be able to panic the pf application.

Impact:   A remote user may be able cause the pf application to crash.
Solution:   The vendor has released the following patches:

Vendor URL: (Links to External Site)
Cause:   Resource error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.2, 3.3

Message History:   None.

 Source Message Contents

Subject:  OpenBSD pf(4)

 > SECURITY FIX: September 24, 2003
 > Three cases of potential access to freed memory have been found in pf(4). At least one
 > of them could be used to panic pf with active scrub rules remotely.
 > A source code patch exists which remedies the problem.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC