Vulnerability Note VU#986425
OpenBSD IPv6 kernel buffer overflow vulnerability
A vulnerability in the OpenBSD kernel could allow a remote attacker to execute arbitrary code on a vulnerable system or cause the system to crash.
The OpenBSD kernel contains a flaw in its handling of kernel memory buffers when processing IPv6 packets. This flaw results in a memory corruption vulnerability that allows a remote attacker with the ability to send fragmented ICMPv6 packets to trigger an overflow of mbuf kernel memory structures. The original reporters of this vulnerability, Core Security Technologies, have published a detailed analysis of this vulnerability in CoreLabs Advisory CORE-2007-0219.
Systems connected to public IPv6 networks are particularly at risk from this vulnerability. However, since link-local addresses are part of the IPv6 specification and configured by default on Ethernet interfaces, even systems that have not been explicitly configured to use public IPv6 networks are vulnerable to attack from other systems on the same physical network or multicast network.
A remote, unauthenticated attacker with the ability to supply a specially crafted fragmented IPv6 packet may be able to execute arbitrary code on a vulnerable system or cause the system to crash. The attacker-supplied code would be executed in the context of the kernel.
Apply a patch from the vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|OpenBSD||Affected||-||21 Mar 2007|
CVSS Metrics (Learn More)
This vulnerability was discovered and researched by Alfredo Ortega from Core Security Technologies.
This document was written by Chad R Dougherty.
- CVE IDs: CVE-2007-1365
- Date Public: 12 Mar 2007
- Date First Published: 15 Mar 2007
- Date Last Updated: 03 May 2007
- Severity Metric: 16.80
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.