SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#110947

KAME project IPv6 IPComp header denial of service vulnerability

Overview

The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.

I. Description

Per RFC 3173:

    IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links.


Systems that have IPv6 networking derived from the KAME project IPv6 implementation may not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with a IPComp header to a vulnerable system.

II. Impact

A remote, unauthenticated attacker can cause a vulnerable system to crash.

III. Solution

See the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.

Restrict access

Until updates can be applied, using a packet-filtering firewall to block IPv6 packets that contain the IPComp header may prevent this vulnerability from being exploited by remote attackers.

Systems Affected

VendorStatusDate Updated
3com, Inc.Unknown30-Nov-2007
AlcatelUnknown30-Nov-2007
Apple Computer, Inc.Vulnerable29-May-2008
AT&TUnknown30-Nov-2007
Avaya, Inc.Unknown30-Nov-2007
Avici Systems, Inc.Unknown30-Nov-2007
Borderware TechnologiesNot Vulnerable30-Jan-2008
BroUnknown30-Nov-2007
CentOSUnknown21-Jan-2008
Charlotte's Web NetworksUnknown30-Nov-2007
Check Point Software TechnologiesUnknown30-Nov-2007
Chiaro Networks, Inc.Unknown30-Nov-2007
Cisco Systems, Inc.Not Vulnerable8-Feb-2008
ClavisterUnknown30-Nov-2007
Computer AssociatesNot Vulnerable1-Feb-2008
Computer Associates eTrust Security ManagementNot Vulnerable1-Feb-2008
Conectiva Inc.Unknown30-Nov-2007
Cray Inc.Unknown30-Nov-2007
D-Link Systems, Inc.Unknown30-Nov-2007
Data Connection, Ltd.Unknown30-Nov-2007
Debian GNU/LinuxNot Vulnerable16-Mar-2008
EMC CorporationUnknown30-Nov-2007
Engarde Secure LinuxUnknown30-Nov-2007
Enterasys NetworksUnknown30-Nov-2007
EricssonUnknown30-Nov-2007
eSoft, Inc.Unknown30-Nov-2007
Extreme NetworksUnknown30-Nov-2007
F5 Networks, Inc.Unknown30-Nov-2007
Fedora ProjectUnknown30-Nov-2007
Force10 Networks, Inc.Vulnerable6-Feb-2008
Fortinet, Inc.Unknown30-Nov-2007
Foundry Networks, Inc.Not Vulnerable3-Apr-2008
FreeBSD, Inc.Vulnerable27-Feb-2008
FujitsuUnknown30-Nov-2007
Gentoo LinuxUnknown30-Nov-2007
Global Technology AssociatesNot Vulnerable12-Dec-2007
Hewlett-Packard CompanyUnknown30-Nov-2007
HitachiNot Vulnerable1-Feb-2008
HyperchipUnknown30-Nov-2007
IBM CorporationNot Vulnerable6-Feb-2008
IBM Corporation (zseries)Unknown30-Nov-2007
IBM eServerUnknown30-Nov-2007
Ingrian Networks, Inc.Unknown30-Nov-2007
Intel CorporationUnknown1-Feb-2008
Internet Security Systems, Inc.Not Vulnerable6-Feb-2008
IntotoNot Vulnerable8-Feb-2008
IP FilterUnknown30-Nov-2007
Juniper Networks, Inc.Vulnerable7-Feb-2008
KAME ProjectVulnerable7-Feb-2008
Linksys (A division of Cisco Systems)Unknown30-Nov-2007
Linux Kernel ArchivesNot Vulnerable13-Feb-2008
Lucent TechnologiesUnknown30-Nov-2007
Luminous NetworksUnknown30-Nov-2007
m0n0wallUnknown30-Nov-2007
Mandriva, Inc.Unknown30-Nov-2007
McAfeeNot Vulnerable12-Dec-2007
Microsoft CorporationUnknown30-Nov-2007
MontaVista Software, Inc.Unknown30-Nov-2007
Multinet (owned Process Software Corporation)Unknown30-Nov-2007
Multitech, Inc.Unknown30-Nov-2007
NEC CorporationUnknown30-Nov-2007
NetBSDVulnerable12-Dec-2007
netfilterUnknown30-Nov-2007
Network Appliance, Inc.Unknown30-Nov-2007
NextHop Technologies, Inc.Unknown30-Nov-2007
NokiaUnknown5-Feb-2008
Nortel Networks, Inc.Unknown30-Nov-2007
Novell, Inc.Not Vulnerable1-Feb-2008
OpenBSDUnknown30-Nov-2007
Openwall GNU/*/LinuxUnknown30-Nov-2007
PC-BSDUnknown5-Feb-2008
QNX, Software Systems, Inc.Vulnerable1-Feb-2008
RadWare, Inc.Unknown5-Feb-2008
Red Hat, Inc.Unknown30-Nov-2007
Redback Networks, Inc.Not Vulnerable5-Feb-2008
Riverstone Networks, Inc.Unknown30-Nov-2007
Secure Computing Network Security DivisionNot Vulnerable12-Dec-2007
Secureworx, Inc.Unknown30-Nov-2007
Silicon Graphics, Inc.Unknown30-Nov-2007
Slackware Linux Inc.Unknown30-Nov-2007
SmoothWallNot Vulnerable12-Dec-2007
SnortUnknown30-Nov-2007
Sony CorporationUnknown30-Nov-2007
SourcefireUnknown30-Nov-2007
StonesoftUnknown30-Nov-2007
Sun Microsystems, Inc.Not Vulnerable6-Feb-2008
SUSE LinuxUnknown30-Nov-2007
Symantec, Inc.Unknown30-Nov-2007
The SCO GroupNot Vulnerable12-Dec-2007
TippingPoint, Technologies, Inc.Not Vulnerable12-Dec-2007
Trustix Secure LinuxUnknown30-Nov-2007
TurbolinuxUnknown30-Nov-2007
UbuntuUnknown30-Nov-2007
UnisysUnknown30-Nov-2007
Watchguard Technologies, Inc.Unknown30-Nov-2007
Wind River Systems, Inc.Unknown30-Nov-2007
ZyXELUnknown30-Nov-2007

References


http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37
http://www.kame.net/
http://www.ietf.org/rfc/rfc3173.txt
http://secunia.com/advisories/28816/
http://secunia.com/advisories/28788/
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1
http://jvn.jp/cert/JVNVU%23110947/
http://www.milw0rm.com/exploits/5191

Credit

Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public02/06/2008
Date First Published02/06/2008 07:05:57 AM
Date Last Updated05/29/2008
CERT Advisory 
CVE NameCVE-2008-0177
US-CERT Technical Alerts 
Metric4.39
Document Revision38

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader