Executive Summary
Summary | |
---|---|
Title | IPComp encapsulation nested payload vulnerability |
Information | |||
---|---|---|---|
Name | VU#668220 | First vendor Publication | 2011-04-01 |
Vendor | VU-CERT | Last vendor Modification | 2011-05-19 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#668220

IPComp encapsulation nested payload vulnerability

Overview

Some IPComp implementations may contain a kernel memory corruption vulnerability in their handling of nested encapsulation of IPComp payloads.

I. Description

RFC 3173 defines the IP Payload Compression Protocol (IPComp) as:

IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links.

Please see the Vendor Information below for specific vendor information and patches.

Vendor Information

Note that any systems derived from the KAME or NetBSD IPComp implementations may be vulnerable.

References

http://tools.ietf.org/html/rfc3173

Thanks to Tavis Ormandy of Google for reporting this vulnerability. This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/668220 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | | 5 |
ExploitDB Exploits
id | Description |
---|---|
2011-04-01 | IPComp encapsulation pre-auth kernel memory corruption |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71418 | NetBSD IPComp Header Payload Decompression Overflow: NetBSD is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted packet containing an RFC3173 IPComp payload, a remote attacker can potentially execute arbitrary code. |
71417 | FreeBSD IPComp Payload Decompression Overflow: FreeBSD is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted packet containing an RFC3173 IPComp payload, a remote attacker can potentially execute arbitrary code. |