| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in FreeBSD up to 5.2. This issue affects some unknown processing of the component TCP Queue Sequence Handler. Performing a manipulation results in denial of service. This vulnerability was named CVE-2004-0171. In addition, an exploit is available. It is recommended to apply a patch to fix this issue.
Details
A vulnerability, which was classified as critical, was found in FreeBSD up to 5.2 (Operating System). This affects an unknown code of the component TCP Queue Sequence Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
The bug was discovered 01/22/2004. The weakness was presented 03/03/2004 by Alexander Cuttergo with iDEFENSE (Website). It is possible to read the advisory at ftp.FreeBSD.org. This vulnerability is uniquely identified as CVE-2004-0171. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but an exploit is available.
The exploit is shared for download at hping.org. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 41 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 12257 (Mac OS X < 10.3.4 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks and running in the context c.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at ftp.FreeBSD.org.
The vulnerability is also documented in the databases at X-Force (15369), Tenable (12257), SecurityFocus (BID 9792†), OSVDB (4124†) and Secunia (SA11023†). Further details are available at ftp.FreeBSD.org. See VDB-682, VDB-680, VDB-678 and VDB-679 for similar entries. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.freebsd.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.9
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 12257
Nessus Name: Mac OS X < 10.3.4 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 52646
OpenVAS Name: FreeBSD Security Advisory (FreeBSD-SA-04:04.tcp.asc)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: ftp.FreeBSD.org
Timeline
01/22/2004 🔍03/02/2004 🔍
03/03/2004 🔍
03/03/2004 🔍
03/03/2004 🔍
03/03/2004 🔍
03/15/2004 🔍
06/01/2004 🔍
12/15/2024 🔍
Sources
Product: freebsd.orgAdvisory: ftp.FreeBSD.org
Researcher: Alexander Cuttergo
Organization: iDEFENSE
Status: Confirmed
CVE: CVE-2004-0171 (🔍)
GCVE (CVE): GCVE-0-2004-0171
GCVE (VulDB): GCVE-100-543
CERT: 🔍
X-Force: 15369 - FreeBSD memory buffers (mbufs) denial of service, Medium Risk
SecurityFocus: 9792 - BSD Out Of Sequence Packets Remote Denial Of Service Vulnerability
Secunia: 11023 - FreeBSD Out-of-Sequence TCP Packet Denial of Service Vulnerability, Moderately Critical
OSVDB: 4124 - Multiple BSD mbufs Out-of-Sequence TCP Packet DoS
SecuriTeam: securiteam.com
Vulnerability Center: 7275
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 03/03/2004 11:34Updated: 12/15/2024 21:01
Changes: 03/03/2004 11:34 (81), 10/02/2016 17:26 (3), 03/09/2021 12:17 (8), 03/09/2021 12:20 (1), 06/19/2024 19:06 (18), 12/15/2024 21:01 (3)
Complete: 🔍
Cache ID: 216:926:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.