Executive Summary

Informations
NameCVE-2007-6282First vendor Publication2008-05-07
VendorCveLast vendor Modification2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score7.1Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282

CWE : Common Weakness Enumeration

idName
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10549
 
Oval ID: oval:org.mitre.oval:def:10549
Title: The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
Description: The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6282
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3
Os1

OpenVAS Exploits

DateDescription
2009-10-10Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5028577.nasl
2009-03-23Name : Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-625-1
File : nvt/gb_ubuntu_USN_625_1.nasl
2009-03-06Name : RedHat Update for kernel RHSA-2008:0237-01
File : nvt/gb_RHSA-2008_0237-01_kernel.nasl
2009-03-06Name : RedHat Update for kernel RHSA-2008:0275-01
File : nvt/gb_RHSA-2008_0275-01_kernel.nasl
2009-01-23Name : SuSE Update for kernel SUSE-SA:2008:030
File : nvt/gb_suse_2008_030.nasl
2009-01-23Name : SuSE Update for kernel SUSE-SA:2008:031
File : nvt/gb_suse_2008_031.nasl
2009-01-23Name : SuSE Update for kernel SUSE-SA:2008:032
File : nvt/gb_suse_2008_032.nasl
2008-09-04Name : Debian Security Advisory DSA 1630-1 (linux-2.6)
File : nvt/deb_1630_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
44930Linux Kernel IPsec Implementation Malformed Fragmented ESP Packet Remote DoS

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0237.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0275.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080507_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5370.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0237.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0275.nasl - Type : ACT_GATHER_INFO
2008-08-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1630.nasl - Type : ACT_GATHER_INFO
2008-07-17Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-625-1.nasl - Type : ACT_GATHER_INFO
2008-07-08Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5375.nasl - Type : ACT_GATHER_INFO
2008-06-24Name : The remote openSUSE host is missing a security update.
File : suse_kernel-5336.nasl - Type : ACT_GATHER_INFO
2008-06-24Name : The remote openSUSE host is missing a security update.
File : suse_kernel-5339.nasl - Type : ACT_GATHER_INFO
2008-05-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0275.nasl - Type : ACT_GATHER_INFO
2008-05-09Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0237.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/29081
DEBIANhttp://www.debian.org/security/2008/dsa-1630
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=404291
MLISThttp://marc.info/?l=linux-netdev&m=120372380411259&w=2
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0237.html
http://www.redhat.com/support/errata/RHSA-2008-0275.html
http://www.redhat.com/support/errata/RHSA-2008-0585.html
SECUNIAhttp://secunia.com/advisories/30112
http://secunia.com/advisories/30294
http://secunia.com/advisories/30818
http://secunia.com/advisories/30890
http://secunia.com/advisories/30962
http://secunia.com/advisories/31107
http://secunia.com/advisories/31551
http://secunia.com/advisories/31628
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
UBUNTUhttp://www.ubuntu.com/usn/usn-625-1
XFhttp://xforce.iss.net/xforce/xfdb/42276

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:42:49
  • Multiple Updates
2013-05-11 10:43:38
  • Multiple Updates