The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.
Per RFC 3173:
IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links.
A remote, unauthenticated attacker can cause a vulnerable system to crash.
See the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.
Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability.
This document was written by Ryan Giobbi.
|Date First Published:||2008-02-06|
|Date Last Updated:||2009-04-29 17:59 UTC|