Vulnerability Note VU#110947
KAME project IPv6 IPComp header denial of service vulnerability
Overview
The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.
Description
Per RFC 3173:

"IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links."

Systems that have IPv6 networking derived from the KAME project IPv6 implementation may not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with an IPComp header to a vulnerable system.
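As an added example (not code from this advisory or from the KAME project), the C function below shows how a monitoring tool could recognize the traffic described above: it walks the IPv6 extension header chain looking for protocol number 108, the IANA-assigned number for IPComp, and reads the 4-byte header defined in RFC 3173. The names find_ipcomp, ipcomp_hit and sample_pkt and the sample bytes are constructed for illustration; the advisory does not say which header contents trigger the crash, so the function only reports presence.

```c
#include <stddef.h>
#include <stdint.h>

struct ipcomp_hit { int found; uint8_t inner_proto; uint16_t cpi; };
/* Constructed sample (headers only): IPv6 2001:db8::1 -> 2001:db8::2,
 * a Destination Options header, then a 4-byte IPComp header. */
static const uint8_t sample_pkt[] = {
    0x60,0,0,0, 0,12, 60, 64,            /* ver 6, payload len 12, next=60 */
    0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,1,
    0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,2,
    108,0, 1,4,0,0,0,0,                  /* dest opts: next=108, PadN */
    17,0, 0x01,0x02                      /* IPComp: next=17, flags, CPI */
};

/* Walk the extension-header chain of a raw IPv6 packet (no link header).
 * Returns 0 if the chain parsed (hit->found reports IPComp, protocol 108)
 * and -1 on truncated or non-IPv6 input. */
int find_ipcomp(const uint8_t *p, size_t len, struct ipcomp_hit *hit)
{
    uint8_t nh;
    size_t off = 40, hlen = 0;
    hit->found = 0;
    if (len < 40 || (p[0] >> 4) != 6) return -1;
    for (nh = p[6];; nh = p[off], off += hlen) {
        switch (nh) {
        case 0: case 43: case 60: case 51:   /* hop-by-hop, routing, dest opts, AH */
            if (off + 2 > len) return -1;
            hlen = nh == 51 ? ((size_t)p[off + 1] + 2) * 4   /* AH counts 4-byte words */
                            : ((size_t)p[off + 1] + 1) * 8;
            break;
        case 44: hlen = 8; break;            /* fragment header */
        case 108:                            /* IPComp (RFC 3173) */
            if (off + 4 > len) return -1;
            hit->found = 1;
            hit->inner_proto = p[off];
            hit->cpi = (uint16_t)(p[off + 2] << 8 | p[off + 3]);
            return 0;
        default: return 0;                   /* upper layer or ESP: stop */
        }
        if (off + hlen > len) return -1;
        if (nh == 44 && ((p[off + 2] << 8 | p[off + 3]) & 0xfff8)) return 0; /* non-first fragment */
    }
}

int main(void)
{
    struct ipcomp_hit h;
    return (find_ipcomp(sample_pkt, sizeof sample_pkt, &h) == 0 && h.found) ? 0 : 1;
}
```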
Impact
A remote, unauthenticated attacker can cause a vulnerable system to crash.
Solution
See the Systems Affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.
Restrict access
Systems Affected
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Apple Computer, Inc. | Affected | 30 Nov 2007 | 29 May 2008 |
Force10 Networks, Inc. | Affected | 30 Nov 2007 | 06 Feb 2008 |
FreeBSD, Inc. | Affected | 30 Nov 2007 | 27 Feb 2008 |
Juniper Networks, Inc. | Affected | 30 Nov 2007 | 07 Feb 2008 |
KAME Project | Affected | 05 Feb 2008 | 07 Feb 2008 |
NetBSD | Affected | 30 Nov 2007 | 12 Dec 2007 |
QNX, Software Systems, Inc. | Affected | 30 Nov 2007 | 01 Feb 2008 |
Borderware Technologies | Not Affected | 30 Nov 2007 | 30 Jan 2008 |
Cisco Systems, Inc. | Not Affected | 30 Nov 2007 | 08 Feb 2008 |
Computer Associates | Not Affected | 30 Nov 2007 | 01 Feb 2008 |
Computer Associates eTrust Security Management | Not Affected | 30 Nov 2007 | 01 Feb 2008 |
Debian GNU/Linux | Not Affected | 30 Nov 2007 | 16 Mar 2008 |
Extreme Networks | Not Affected | 30 Nov 2007 | 29 Apr 2009 |
Foundry Networks, Inc. | Not Affected | 30 Nov 2007 | 03 Apr 2008 |
Global Technology Associates | Not Affected | 30 Nov 2007 | 12 Dec 2007 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37
- http://www.kame.net/
- http://www.ietf.org/rfc/rfc3173.txt
- http://secunia.com/advisories/28816/
- http://secunia.com/advisories/28788/
- http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1
- http://jvn.jp/cert/JVNVU%23110947/
- http://www.milw0rm.com/exploits/5191
Credit
Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: CVE-2008-0177
- Date Public: 06 Feb 2008
- Date First Published: 06 Feb 2008
- Date Last Updated: 29 Apr 2009
- Severity Metric: 4.39
- Document Revision: 38