Vulnerability Note VU#110947

KAME project IPv6 IPComp header denial of service vulnerability

Original Release date: 06 Feb 2008 | Last revised: 29 Apr 2009

Overview

The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.

Description

Per RFC 3173:

    IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links.


Systems that have IPv6 networking derived from the KAME project IPv6 implementation may not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with a IPComp header to a vulnerable system.

Impact

A remote, unauthenticated attacker can cause a vulnerable system to crash.

Solution

See the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.

Restrict access

Until updates can be applied, using a packet-filtering firewall to block IPv6 packets that contain the IPComp header may prevent this vulnerability from being exploited by remote attackers.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer, Inc.Affected30 Nov 200729 May 2008
Force10 Networks, Inc.Affected30 Nov 200706 Feb 2008
FreeBSD, Inc.Affected30 Nov 200727 Feb 2008
Juniper Networks, Inc.Affected30 Nov 200707 Feb 2008
KAME ProjectAffected05 Feb 200807 Feb 2008
NetBSDAffected30 Nov 200712 Dec 2007
QNX, Software Systems, Inc.Affected30 Nov 200701 Feb 2008
Borderware TechnologiesNot Affected30 Nov 200730 Jan 2008
Cisco Systems, Inc.Not Affected30 Nov 200708 Feb 2008
Computer AssociatesNot Affected30 Nov 200701 Feb 2008
Computer Associates eTrust Security ManagementNot Affected30 Nov 200701 Feb 2008
Debian GNU/LinuxNot Affected30 Nov 200716 Mar 2008
Extreme NetworksNot Affected30 Nov 200729 Apr 2009
Foundry Networks, Inc.Not Affected30 Nov 200703 Apr 2008
Global Technology AssociatesNot Affected30 Nov 200712 Dec 2007
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2008-0177
  • Date Public: 06 Feb 2008
  • Date First Published: 06 Feb 2008
  • Date Last Updated: 29 Apr 2009
  • Severity Metric: 4.39
  • Document Revision: 38

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.