Vulnerability Name: CCN-9577

Published: 2002-04-21
Updated: 2002-04-21
Summary: FreeBSD and possibly other BSD-based operating systems could allow a remote attacker to perform OS fingerprinting, caused by a vulnerability in the PMTUD (Path MTU Discovery) implementation. When PMTUD is used, the DF bit in SYN-ACK packets is not set, which violates RFC 1191. This could allow a remote attacker to capture network traffic and discover the OS of the vulnerable server. An attacker could then use this information to prepare for further attacks against the affected server.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Consequences: Obtain Information
References:
Source: CCN
Type: BugTraq Mailing List, Mon Jun 10 2002 - 14:52:56 CDT
Broken PMTUD in FreeBSD?

Source: CCN
Type: FreeBSD-Net Mailing List, Sun, 21 Apr 2002 17:22:04 +0200
Path MTU Discovery and missing DF bit

Source: CCN
Type: BID-4688
BSD PMTUD SYN-ACK Packet Fragmentation Fingerprinting Vulnerability

Source: XF
Type: UNKNOWN
bsd-pmtud-os-fingerprint(9577)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:5.0:-:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    freebsd freebsd 5.0 -