195243 – [Vulnerability info disclosed] CVE-2014-7250

Bug 195243 - [Vulnerability info disclosed] CVE-2014-7250

Summary: [Vulnerability info disclosed] CVE-2014-7250

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	10.1-RELEASE
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Security Team

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-21 09:35 UTC by Kenji Rikitake
Modified:	2017-12-17 07:12 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kenji Rikitake 2014-11-21 09:35:55 UTC

Japan IPA has disclosed the following vulnerability report on DDoS possibilities regarding the BSD Net/2 TCP Timer implementation. The report says FreeBSD 5.4 is vulnerable and *BSD OSes have possibilities to be attacked. 

http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000134.html

IPA says the assigned CVE number is CVE-2014-7250.

A release of necessary patches from the FreeBSD Security Team ASAP is appreciated.

(Note that this information does not specify the vulnerable versions of the FreeBSD OS, so I set the version to 10.1-RELEASE just as a placeholder.)

Comment 1 vali gholami 2017-12-17 07:12:51 UTC

MARKED AS SPAM