Problem Description
Two problems have been discovered in the FreeBSD TCP stack.
First, when a TCP packet containing a timestamp is
received, inadequate checking of sequence numbers is
performed, allowing an attacker to artificially increase the
internal "recent" timestamp for a connection.
Second, a TCP packet with the SYN flag set is accepted for
established connections, allowing an attacker to overwrite
certain TCP options.
Impact
Using either of the two problems, an attacker with knowledge
of the local and remote IP and port numbers associated with
a connection can cause a denial of service situation by
stalling the TCP connection. The stalled TCP connection may
be closed after some time by the other host.
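The first problem and the resulting stall, as an added example: a simplified model of the receiver's "recent" timestamp handling, not code from the FreeBSD source or this advisory. The struct, function names and sample values are constructed for illustration, and the model assumes the last ACK sent equals rcv_nxt.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified receiver state; names follow RFC 7323, not the FreeBSD source. */
struct conn {
    uint32_t rcv_nxt;   /* next sequence number expected */
    uint32_t rcv_wnd;   /* receive window size */
    uint32_t ts_recent; /* newest peer timestamp accepted so far */
};

/* Wraparound-safe "a is older than b" over the 32-bit space. */
static bool lt32(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* PAWS: a segment whose timestamp is older than ts_recent is dropped. */
static bool paws_ok(const struct conn *c, uint32_t tsval) {
    return !lt32(tsval, c->ts_recent);
}

/* Weak form: ts_recent follows any newer timestamp, whatever the sequence number. */
static void update_weak(struct conn *c, uint32_t seq, uint32_t tsval) {
    (void)seq;
    if (!lt32(tsval, c->ts_recent)) c->ts_recent = tsval;
}

/* Checked form: the segment must start inside the receive window and satisfy
 * the RFC 7323 rule SEG.SEQ <= Last.ACK.sent before ts_recent may move. */
static void update_checked(struct conn *c, uint32_t seq, uint32_t tsval) {
    bool in_window = (uint32_t)(seq - c->rcv_nxt) < c->rcv_wnd;
    bool covers_ack = !lt32(c->rcv_nxt, seq); /* seq <= rcv_nxt */
    if (in_window && covers_ack && !lt32(tsval, c->ts_recent)) c->ts_recent = tsval;
}

/* Constructed scenario: one out-of-window segment with a far-future timestamp
 * arrives, then the genuine peer sends its next segment. True if that passes PAWS. */
static bool survives_stray(bool checked) {
    struct conn c = { .rcv_nxt = 1000, .rcv_wnd = 65535, .ts_recent = 5000 };
    uint32_t stray_seq = 1000u + 0x80000000u; /* far outside the window */
    uint32_t stray_ts = 5000u + 0x40000000u;  /* far ahead of the peer's clock */
    if (checked) update_checked(&c, stray_seq, stray_ts);
    else update_weak(&c, stray_seq, stray_ts);
    return paws_ok(&c, 5001); /* genuine peer timestamp */
}

int main(void) {
    printf("weak update:    genuine segment accepted = %d\n", survives_stray(false));
    printf("checked update: genuine segment accepted = %d\n", survives_stray(true));
    return 0;
}
```

With the weak update every later genuine segment fails the PAWS test until the peer's timestamp clock catches up, which is the stall described under Impact.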
Workaround
In some cases it may be possible to defend against these
attacks by blocking the attack packets using a firewall.
Packets used to effect either of these attacks would have
spoofed source IP addresses.