FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Infinite loop in SACK handling

Affected packages
5.4 <= FreeBSD < 5.4_11
5.3 <= FreeBSD < 5.3_26


VuXML ID dfb71c00-9d44-11da-8c1d-000e0c2e438a
Discovery 2006-02-01
Entry 2006-02-14
Modified 2016-08-09

Problem description:

When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop.


By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service.


On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to disable the use of SACK:

# sysctl net.inet.tcp.sack.enable=0

No workaround is available for FreeBSD 5.3.


CVE Name CVE-2006-0433
FreeBSD Advisory SA-06:08.sack