Intrusion Prevention

OpenBSD.Packet.Filter.IPv6.Fragmentation.DoS

Description

This indicates an attack attempt to exploit a Denial of Service Vulnerability in OpenBSD Project OpenBSD.
Thus, a remote, unauthenticated attacker could exploit this vulnerability by sending crafted IPv6 fragments to the target server. Successful exploitation could allow an attacker to bypass various packet filter rules or cause denial-of-service conditions.

Affected Products

FreeBSD Project FreeBSD 11.2-RELEASE prior to 11.2-RELEASE-p10
FreeBSD Project FreeBSD 11.3-PRERELEASE prior to r347591
FreeBSD Project FreeBSD 12.0-RELEASE prior to 12.0-RELEASE-p4
OpenBSD Project OpenBSD 5.0 to 6.4

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://ftp.openbsd.org/pub/OpenBSD/patches/6.4/common/014_pf6frag.patch.sig

CVE References

CVE-2019-5597