Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3202

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2006-3202
Last Modified 05 Sep 2008 05:06:29
Published 23 Jun 2006 04:06:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3202

Summary

The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.

Vulnerable Systems

Operating System

  • Netbsd 2.0

  • Netbsd 2.0.2

  • Netbsd 2.0.3

  • Netbsd 2.1

  • Netbsd 3.0


References

SECTRACK - 1016250

NETBSD - NetBSD-SA2006-016

XF - netbsd-ipv6-dos(27139)


Last Updated: 27 May 2016 10:42:54