exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FreeBSD Security Advisory - IGMP Integer Overflow

FreeBSD Security Advisory - IGMP Integer Overflow
Posted Apr 8, 2015
Authored by Marek Kroemeke, Mateusz Kocielski | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash. Revision 2 of this advisory.

tags | advisory, denial of service, overflow, kernel
systems | freebsd
advisories | CVE-2015-1414
SHA-256 | 07777cd1ce7f35b3c30e664d16946ac2cbbf3e05394da44684d68f4bff1b372a

FreeBSD Security Advisory - IGMP Integer Overflow

Change Mirror Download
Hash: SHA512

FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project

Topic: Integer overflow in IGMP protocol

Category: core
Module: igmp
Announced: 2015-02-25; Last revised on 2015-04-07
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Affects: All supported versions of FreeBSD.
Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE)
2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9)
2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE)
2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13)
2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE)
2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27)
CVE Name: CVE-2015-1414

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

0. Revision history

v1.0 2015-02-25 Initial release.
v1.1 2015-04-07 Revised patch to address a potential overflow issue.

I. Background

IGMP is a control plane protocol used by IPv4 hosts and routers to propagate
multicast group membership information. IGMP version 3 is implemented on

II. Problem Description

An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.

III. Impact

An attacker who can send specifically crafted IGMP packets could cause a
denial of service situation by causing the kernel to crash.

IV. Workaround

Block incoming IGMP packets by protecting your host/networks with a firewall.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch
# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch.asc
# gpg --verify igmp.patch.asc

# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch
# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch.asc
# gpg --verify igmp-errata.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r281231
releng/8.4/ r281233
stable/9/ r281231
releng/9.3/ r281233
stable/10/ r281230
releng/10.1/ r281232
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:


VII. References


The latest revision of this advisory is available at
Version: GnuPG v2.1.2 (FreeBSD)

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By