What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of

看板FB_security作者時間18年前 (2008/02/07 04:56), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote DESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ipcomp6_input()" function in kame/sys/netinet6/ipcomp_input.c when processing IPv6 packets with an IPComp header. This can be exploited to crash a vulnerable system by sending a specially crafted IPv6 packet. SOLUTION: Fixed in the CVS repository. http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 PROVIDED AND/OR DISCOVERED BY: US-CERT credits Shoichi Sakane. NetBSD credits the Coverity Prevent analysis tool. ORIGINAL ADVISORY: US-CERT VU#110947: http://www.kb.cert.org/vuls/id/110947 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 mohacsi. 的文章
文章代碼(AID): #17gXyE00 (FB_security)