Executive Summary
Summary | |
---|---|
Title | KAME project IPv6 IPComp header denial of service vulnerability |
Informations | |||
---|---|---|---|
Name | VU#110947 | First vendor Publication | 2008-02-06 |
Vendor | VU-CERT | Last vendor Modification | 2008-02-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#110947KAME project IPv6 IPComp header denial of service vulnerabilityOverviewThe KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.I. DescriptionPer RFC 3173:IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links. Systems that have IPv6 networking derived from the KAME project IPv6 implementationmay not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with a IPComp header to a vulnerable system. II. ImpactA remote, unauthenticated attacker can cause a vulnerable system to crash.III. SolutionSee the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.Restrict access
References
Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/110947 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
ExploitDB Exploits
id | Description |
---|---|
2008-02-26 | Apple Mac OS X xnu <= 1228.3.13 - IPv6-ipcomp Remote kernel DoS PoC |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-08:04.ipsec.asc) File : nvt/freebsdsa_ipsec2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41111 | KAME Project kame/sys/netinet6/ipcomp_input.c ipcomp6_input() Function Malfor... The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO |
2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO |