CVE-2008-0177 - Secunia.com

CVE Reference: CVE-2008-0177
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0177

Description: The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

CVE Status: Candidate

References: ST 1019314 SAID Secunia Advisory: SA28788 Secunia Advisory: SA28816 Secunia Advisory: SA28979 Secunia Advisory: SA29130 Secunia Advisory: SA30430 Secunia Advisory: SA31074 MILW0RM http://www.milw0rm.com/exploits/5191 FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc CONFIRM http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1 CERT-VN 110947 CERT http://www.us-cert.gov/cas/techalerts/TA08-150A.html BID 27642 APPLE http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Return to the previous page.

Secunia