The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bsd | Bsd | 4.3 (including) | 4.3 (including) |
| Freebsd | Freebsd | 5.4 (including) | 5.4 (including) |
| Netbsd | Netbsd | 2.0 (including) | 2.0 (including) |
| Openbsd | Openbsd | 3.6 (including) | 3.6 (including) |