what you don't know can hurt you

FreeBSD Security Advisory - IGMP Integer Overflow

FreeBSD Security Advisory - IGMP Integer Overflow
Posted Feb 26, 2015
Authored by Marek Kroemeke, Mateusz Kocielski | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash.

tags | advisory, denial of service, overflow, kernel
systems | freebsd
advisories | CVE-2015-1414
MD5 | 89b443fe13922317739f20717496c68e

FreeBSD Security Advisory - IGMP Integer Overflow

Change Mirror Download
Hash: SHA512

FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project

Topic: Integer overflow in IGMP protocol

Category: core
Module: igmp
Announced: 2015-02-25
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Affects: All supported versions of FreeBSD.
Corrected: 2015-02-25 05:43:02 UTC (stable/10, 10.1-STABLE)
2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18)
2015-02-25 05:43:02 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
2015-02-25 05:43:02 UTC (stable/8, 8.4-STABLE)
2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
CVE Name: CVE-2015-1414

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I. Background

IGMP is a control plane protocol used by IPv4 hosts and routers to propagate
multicast group membership information. IGMP version 3 is implemented on

II. Problem Description

An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

III. Impact

An attacker who can send specifically crafted IGMP packets could cause a
denial of service situation by causing the kernel to crash.

IV. Workaround

Block incoming IGMP packets by protecting your host/networks with a firewall.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch
# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch.asc
# gpg --verify igmp.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r279263
releng/8.4/ r279265
stable/9/ r279263
releng/9.3/ r279265
stable/10/ r279263
releng/10.0/ r279264
releng/10.1/ r279264
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:


VII. References


The latest revision of this advisory is available at
Version: GnuPG v2.1.1 (FreeBSD)



RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By