Vulnerability Description
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bsd | Bsd | 4.3 |
| Freebsd | Freebsd | 5.4 |
| Netbsd | Netbsd | 2.0 |
| Openbsd | Openbsd | 3.6 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN07930208/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134Vendor Advisory
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243
- http://jvn.jp/en/jp/JVN07930208/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134Vendor Advisory
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243
FAQ
What is CVE-2014-7250?
CVE-2014-7250 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of ...
How severe is CVE-2014-7250?
CVE-2014-7250 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7250?
Check the references section above for vendor advisories and patch information. Affected products include: Bsd Bsd, Freebsd Freebsd, Netbsd Netbsd, Openbsd Openbsd.