Allele Security Alert
ASA-2019-00270
Identifier(s)
ASA-2019-00270, CVE-2019-5597, FreeBSD-SA-19:05.pf
Title
IPv6 fragment reassembly panic in pf(4)
Vendor(s)
The FreeBSD Project
Product(s)
FreeBSD
Affected version(s)
All supported versions of FreeBSD
Fixed version(s)
2019-03-01 18:12:05 UTC (stable/12, 12.0-STABLE)
2019-05-14 23:10:21 UTC (releng/12.0, 12.0-RELEASE-p4)
2019-03-01 18:12:07 UTC (stable/11, 11.3-PRERELEASE)
2019-05-14 23:10:21 UTC (releng/11.2, 11.2-RELEASE-p10)
Proof of concept
Unknown
Description
A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet.
Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass.
Only systems that use the pf(4) firewall and include packet scrubbing, using the recommended ‘scrub all in’ or a similar rule, are affected.
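A triage check for the conditions above, as an added example that is not part of the advisory: it reports whether a ruleset contains an active scrub rule and whether a release version is at or above the patch levels listed under Fixed version(s). The function names, the constructed sample ruleset and the use of /etc/pf.conf as the ruleset path are assumptions.

```shell
#!/bin/sh
# Added triage example, not from the advisory. Fixed patch levels are the
# ones listed under "Fixed version(s)"; any other branch reports "unknown".

# Constructed sample ruleset, used only for the demo line at the bottom.
SAMPLE_RULES='set skip on lo0
scrub in all   # packet scrubbing enabled
pass out all'

# has_scrub_rule: pf rules on stdin; exit 0 if an active scrub rule exists.
# Comments are stripped; "no scrub" lines do not match. Included files and
# anchors are not followed.
has_scrub_rule() {
    sed 's/#.*//' | grep -Eq '^[[:space:]]*scrub([[:space:]]|$)'
}

# patch_status VERSION: prints patched, unpatched or unknown.
patch_status() {
    ps_ver=$1
    case $ps_ver in
        12.0-RELEASE|12.0-RELEASE-p*) ps_fixed=4 ;;
        11.2-RELEASE|11.2-RELEASE-p*) ps_fixed=10 ;;
        *) echo unknown; return 0 ;;
    esac
    case $ps_ver in
        *-p*) ps_level=${ps_ver##*-p} ;;
        *)    ps_level=0 ;;
    esac
    case $ps_level in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$ps_level" -ge "$ps_fixed" ]; then echo patched; else echo unpatched; fi
}

# assess VERSION: pf rules on stdin; prints no-scrub when the ruleset has no
# scrub rule (outside the advisory's affected configuration), otherwise the
# patch status for VERSION.
assess() {
    if has_scrub_rule; then patch_status "$1"; else echo no-scrub; fi
}

echo "sample ruleset on 12.0-RELEASE-p3: $(printf '%s\n' "$SAMPLE_RULES" | assess 12.0-RELEASE-p3)"

# On a FreeBSD host, assess the installed kernel and the default ruleset path.
if command -v freebsd-version >/dev/null 2>&1 && [ -r /etc/pf.conf ]; then
    echo "this host: $(assess "$(freebsd-version -k)" < /etc/pf.conf)"
fi
```

A result of unknown means the version is on a branch for which the advisory gives only a correction date (stable/12, stable/11) or is not listed at all, so it has to be checked against the FreeBSD advisory directly.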
Technical details
Unknown
Credits
Synacktiv
Reference(s)
IPv6 fragment reassembly panic in pf(4)
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:05.pf.asc
CVE-2019-5597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5597
CVE-2019-5597
https://nvd.nist.gov/vuln/detail/CVE-2019-5597
Last modified: May 15, 2019