OpenBSD.Packet.Filter.IPv6.Fragmentation.DoS

description-logoDescription

This indicates an attack attempt to exploit a Denial of Service Vulnerability in OpenBSD Project OpenBSD.
Thus, a remote, unauthenticated attacker could exploit this vulnerability by sending crafted IPv6 fragments to the target server. Successful exploitation could allow an attacker to bypass various packet filter rules or cause denial-of-service conditions.

affected-products-logoAffected Products

FreeBSD Project FreeBSD 11.2-RELEASE prior to 11.2-RELEASE-p10
FreeBSD Project FreeBSD 11.3-PRERELEASE prior to r347591
FreeBSD Project FreeBSD 12.0-RELEASE prior to 12.0-RELEASE-p4
OpenBSD Project OpenBSD 5.0 to 6.4

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://ftp.openbsd.org/pub/OpenBSD/patches/6.4/common/014_pf6frag.patch.sig

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-27 14.640 Default_action:pass:drop
2019-06-14 14.633