VULHUB ™

RFC 1191 documents Path MTU Discovery, which can be used to determine an approximate maximum MTU for IP based communications. In practice, when PMTUD is used in conjunction with TCP, the initial 3 way handshake is performed with the DF bit set on all packets. Some versions of BSD have been reported to not set the DF bit on SYN-ACK packets. This could allow a malicious remote party to fingerprint the operating system of the vulnerable server by initating a connection and viewing captured network traffic. This vulnerability has been reported in FreeBSD 5.0-CURRENT, however other BSD based operating systems may share this behavior. Updates will be released as additional information becomes available.

RFC 1191 documents Path MTU Discovery, which can be used to determine an approximate maximum MTU for IP based communications. In practice, when PMTUD is used in conjunction with TCP, the initial 3 way handshake is performed with the DF bit set on all packets. Some versions of BSD have been reported to not set the DF bit on SYN-ACK packets. This could allow a malicious remote party to fingerprint the operating system of the vulnerable server by initating a connection and viewing captured network traffic. This vulnerability has been reported in FreeBSD 5.0-CURRENT, however other BSD based operating systems may share this behavior. Updates will be released as additional information becomes available.