{"vuid":"VU#110947","idnumber":"110947","name":"KAME project IPv6 IPComp header denial of service vulnerability","keywords":["NetBSD","IPv6 packet","IPComp Header","apple_security_update_2008_003"],"overview":"The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.","clean_desc":"Per RFC 3173: IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways (\"nodes\") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links. Systems that have IPv6 networking derived from the KAME project IPv6 implementation may not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with a IPComp header to a vulnerable system.","impact":"A remote, unauthenticated attacker can cause a vulnerable system to crash.","resolution":"See the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.","workarounds":"Restrict access Until updates can be applied, using a packet-filtering firewall to block IPv6 packets that contain the IPComp header may prevent this vulnerability from being exploited by remote attackers.","sysaffected":"","thanks":"Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37","http://www.kame.net/","http://www.ietf.org/rfc/rfc3173.txt","http://secunia.com/advisories/28816/","http://secunia.com/advisories/28788/","http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1","http://jvn.jp/cert/JVNVU%23110947/","http://www.milw0rm.com/exploits/5191"],"cveids":["CVE-2008-0177"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-11-29T18:16:12Z","publicdate":"2008-02-06T00:00:00Z","datefirstpublished":"2008-02-06T12:05:55Z","dateupdated":"2009-04-29T17:59:27Z","revision":38,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"4","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"5","cam_impact":"10","cam_easeofexploitation":"18","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.3875","cam_scorecurrentwidelyknown":"9.7875","cam_scorecurrentwidelyknownexploited":"16.5375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.3875,"vulnote":null}