Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0177

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-0177
Last Modified 07 Mar 2011 10:04:05
Published 07 Feb 2008 05:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0177

Summary

The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

Vulnerable Systems

Application

  • Kame Ipcomp


References

CERT-VN - VU#110947

CERT - TA08-150A

BID - 27642

SECUNIA - 28788

VUPEN - ADV-2008-2094

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-0688

VUPEN - ADV-2008-0441

CONFIRM - http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37

SECUNIA - 31074

SECUNIA - 28816

APPLE - APPLE-SA-2008-07-11

CONFIRM - http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1

MILW0RM - 5191

SECTRACK - 1019314

FREEBSD - FreeBSD-SA-08:04

SECUNIA - 30430

SECUNIA - 29130

SECUNIA - 28979

APPLE - APPLE-SA-2008-05-28

Related Patches

Apple 2008-05-28 Mac OS X Server 10.5.3 Combo Update

Apple 2008-05-28 Mac OS X Server 10.5.3 Update

Apple 2008-05-28 Mac OS X 10.5.3 Combo Update (Rev 2)

Apple 2008-05-28 Mac OS X 10.5.3 Update


Last Updated: 27 May 2016 10:46:42