Mohacsi Janos
2008-Feb-06 12:55 UTC
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE:>From remoteDESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ipcomp6_input()" function in kame/sys/netinet6/ipcomp_input.c when processing IPv6 packets with an IPComp header. This can be exploited to crash a vulnerable system by sending a specially crafted IPv6 packet. SOLUTION: Fixed in the CVS repository. http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 PROVIDED AND/OR DISCOVERED BY: US-CERT credits Shoichi Sakane. NetBSD credits the Coverity Prevent analysis tool. ORIGINAL ADVISORY: US-CERT VU#110947: http://www.kb.cert.org/vuls/id/110947
Dag-Erling Smørgrav
2008-Feb-06 13:51 UTC
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
Mohacsi Janos <mohacsi@niif.hu> writes:> ORIGINAL ADVISORY: > US-CERT VU#110947: > http://www.kb.cert.org/vuls/id/110947As far as I can tell, FreeBSD's ipcomp implementation is not from KAME, but from OpenBSD, with significant local changes. DES -- Dag-Erling Sm?rgrav - des@des.no
Remko Lodder
2008-Feb-06 14:01 UTC
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
We are aware and working on resolving this. Thanks Remko Hat: freebsd secteam -----Original Message----- From: "Mohacsi Janos" <mohacsi@niif.hu> To: freebsd-security@freebsd.org Sent: 6-2-08 21:54 Subject: What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE:>From remoteDESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ipcomp6_input()" function in kame/sys/netinet6/ipcomp_input.c when processing IPv6 packets with an IPComp header. This can be exploited to crash a vulnerable system by sending a specially crafted IPv6 packet. SOLUTION: Fixed in the CVS repository. http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 PROVIDED AND/OR DISCOVERED BY: US-CERT credits Shoichi Sakane. NetBSD credits the Coverity Prevent analysis tool. ORIGINAL ADVISORY: US-CERT VU#110947: http://www.kb.cert.org/vuls/id/110947 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"