CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#110947

KAME project IPv6 IPComp header denial of service vulnerability

Overview

The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.

I. Description

Per RFC 3173:

    IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links.


Systems that have IPv6 networking derived from the KAME project IPv6 implementation may not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with a IPComp header to a vulnerable system.

II. Impact

A remote, unauthenticated attacker can cause a vulnerable system to crash.

III. Solution

See the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.

Restrict access

Until updates can be applied, using a packet-filtering firewall to block IPv6 packets that contain the IPComp header may prevent this vulnerability from being exploited by remote attackers.

Systems Affected

VendorStatusDate Updated
3com, Inc.Unknown2007-11-302007-11-30
AlcatelUnknown2007-11-302007-11-30
Apple Computer, Inc.Vulnerable2007-11-302008-05-29
AT&TUnknown2007-11-302007-11-30
Avaya, Inc.Unknown2007-11-302007-11-30
Avici Systems, Inc.Unknown2007-11-302007-11-30
Borderware TechnologiesNot Vulnerable2007-11-302008-01-30
BroUnknown2007-11-302007-11-30
CentOSUnknown2008-01-212008-01-21
Charlotte's Web NetworksUnknown2007-11-302007-11-30
Check Point Software TechnologiesUnknown2007-11-302007-11-30
Chiaro Networks, Inc.Unknown2007-11-302007-11-30
Cisco Systems, Inc.Not Vulnerable2007-11-302008-02-08
ClavisterUnknown2007-11-302007-11-30
Computer AssociatesNot Vulnerable2007-11-302008-02-01
Computer Associates eTrust Security ManagementNot Vulnerable2007-11-302008-02-01
Conectiva Inc.Unknown2007-11-302007-11-30
Cray Inc.Unknown2007-11-302007-11-30
D-Link Systems, Inc.Unknown2007-11-302007-11-30
Data Connection, Ltd.Unknown2007-11-302007-11-30
Debian GNU/LinuxNot Vulnerable2007-11-302008-03-16
EMC CorporationUnknown2007-11-302007-11-30
Engarde Secure LinuxUnknown2007-11-302007-11-30
Enterasys NetworksUnknown2007-11-302007-11-30
EricssonUnknown2007-11-302007-11-30
eSoft, Inc.Unknown2007-11-302007-11-30
Extreme NetworksNot Vulnerable2007-11-302009-04-29
F5 Networks, Inc.Unknown2007-11-302007-11-30
Fedora ProjectUnknown2007-11-302007-11-30
Force10 Networks, Inc.Vulnerable2007-11-302008-02-06
Fortinet, Inc.Unknown2007-11-302007-11-30
Foundry Networks, Inc.Not Vulnerable2007-11-302008-04-03
FreeBSD, Inc.Vulnerable2007-11-302008-02-27
FujitsuUnknown2007-11-302007-11-30
Gentoo LinuxUnknown2007-11-302007-11-30
Global Technology AssociatesNot Vulnerable2007-11-302007-12-12
Hewlett-Packard CompanyUnknown2007-11-302007-11-30
HitachiNot Vulnerable2007-11-302008-02-01
HyperchipUnknown2007-11-302007-11-30
IBM CorporationNot Vulnerable2007-11-302008-02-06
IBM Corporation (zseries)Unknown2007-11-302007-11-30
IBM eServerUnknown2007-11-302007-11-30
Ingrian Networks, Inc.Unknown2007-11-302007-11-30
Intel CorporationUnknown2008-01-212008-02-01
Internet Security Systems, Inc.Not Vulnerable2007-11-302008-02-06
IntotoNot Vulnerable2007-11-302008-02-08
IP FilterUnknown2007-11-302007-11-30
Juniper Networks, Inc.Vulnerable2007-11-302008-02-07
KAME ProjectVulnerable2008-02-052008-02-07
Linksys (A division of Cisco Systems)Unknown2007-11-302007-11-30
Linux Kernel ArchivesNot Vulnerable2008-02-13
Lucent TechnologiesUnknown2007-11-302007-11-30
Luminous NetworksUnknown2007-11-302007-11-30
m0n0wallUnknown2007-11-302007-11-30
Mandriva, Inc.Unknown2007-11-302007-11-30
McAfeeNot Vulnerable2007-11-302007-12-12
Microsoft CorporationUnknown2007-11-302007-11-30
MontaVista Software, Inc.Unknown2007-11-302007-11-30
Multinet (owned Process Software Corporation)Unknown2007-11-302007-11-30
Multitech, Inc.Unknown2007-11-302007-11-30
NEC CorporationUnknown2007-11-302007-11-30
NetBSDVulnerable2007-11-302007-12-12
netfilterUnknown2007-11-302007-11-30
Network Appliance, Inc.Unknown2007-11-302007-11-30
NextHop Technologies, Inc.Unknown2007-11-302007-11-30
NokiaUnknown2008-02-052008-02-05
Nortel Networks, Inc.Unknown2007-11-302007-11-30
Novell, Inc.Not Vulnerable2007-11-302008-02-01
OpenBSDUnknown2007-11-302007-11-30
Openwall GNU/*/LinuxUnknown2007-11-302007-11-30
PC-BSDUnknown2008-02-052008-02-05
QNX, Software Systems, Inc.Vulnerable2007-11-302008-02-01
RadWare, Inc.Unknown2008-02-052008-02-05
Red Hat, Inc.Unknown2007-11-302007-11-30
Redback Networks, Inc.Not Vulnerable2007-11-302008-02-05
Riverstone Networks, Inc.Unknown2007-11-302007-11-30
Secure Computing Network Security DivisionNot Vulnerable2007-11-302007-12-12
Secureworx, Inc.Unknown2007-11-302007-11-30
Silicon Graphics, Inc.Unknown2007-11-302007-11-30
Slackware Linux Inc.Unknown2007-11-302007-11-30
SmoothWallNot Vulnerable2007-11-302007-12-12
SnortUnknown2007-11-302007-11-30
Sony CorporationUnknown2007-11-302007-11-30
SourcefireUnknown2007-11-302007-11-30
StonesoftUnknown2007-11-302007-11-30
Sun Microsystems, Inc.Not Vulnerable2007-11-302008-02-06
SUSE LinuxUnknown2007-11-302007-11-30
Symantec, Inc.Unknown2007-11-302007-11-30
The SCO GroupNot Vulnerable2007-11-302007-12-12
TippingPoint, Technologies, Inc.Not Vulnerable2007-11-302007-12-12
Trustix Secure LinuxUnknown2007-11-302007-11-30
TurbolinuxUnknown2007-11-302007-11-30
UbuntuUnknown2007-11-302007-11-30
UnisysUnknown2007-11-302007-11-30
Watchguard Technologies, Inc.Unknown2007-11-302007-11-30
Wind River Systems, Inc.Unknown2007-11-302007-11-30
ZyXELUnknown2007-11-302007-11-30

References


http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37
http://www.kame.net/
http://www.ietf.org/rfc/rfc3173.txt
http://secunia.com/advisories/28816/
http://secunia.com/advisories/28788/
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1
http://jvn.jp/cert/JVNVU%23110947/
http://www.milw0rm.com/exploits/5191

Credit

Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public02/06/2008
Date First Published02/06/2008 07:05:57 AM
Date Last Updated04/29/2009
CERT Advisory 
CVE NameCVE-2008-0177
Metric4.39
Document Revision38

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2008 Carnegie Mellon University