Date: 08 February 2008
References: ESB-2008.0166 ESB-2008.0560
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.0131 -- [UNIX/Linux]
KAME project IPv6 IPComp header denial of service vulnerability
8 February 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: The KAME project's IPv6 implementation
Publisher: US-CERT
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact: Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2008-0177
Original Bulletin: http://www.kb.cert.org/vuls/id/110947
--------------------------BEGIN INCLUDED TEXT--------------------
US-CERT Vulnerability Note VU#110947
KAME project IPv6 IPComp header denial of service vulnerability
Overview
The KAME project's IPv6 implementation does not properly process IPv6
packets that contain the IPComp header. If exploited, this
vulnerability may allow an attacker to cause a vulnerable system to
crash.
I. Description
Per RFC 3173:

    IP payload compression is a protocol to reduce the size of IP
    datagrams. This protocol will increase the overall communication
    performance between a pair of communicating hosts/gateways
    ("nodes") by compressing the datagrams, provided the nodes have
    sufficient computation power, through either CPU capacity or a
    compression coprocessor, and the communication is over slow or
    congested links.

Systems that have IPv6 networking derived from the KAME project
IPv6 implementation may not properly process IPv6 packets that contain
an IPComp header. An attacker can exploit this vulnerability by
sending an IPv6 packet with an IPComp header to a vulnerable system.
II. Impact
A remote, unauthenticated attacker can cause a vulnerable system to
crash.
III. Solution
See the systems affected section of this document for a partial list
of affected vendors. Administrators who compile their kernel from
source should see
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.
Restrict access
Until updates can be applied, using a packet-filtering firewall to
block IPv6 packets that contain the IPComp header may prevent this
vulnerability from being exploited by remote attackers.
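
The filtering described above comes down to walking each packet's IPv6 next-header chain and dropping the packet when protocol number 108 (IPComp) appears anywhere in it. The following is an added example, not part of the US-CERT note or the KAME source: the function names, verdict strings and sample packets are assumptions made for illustration, and dropping chains that cannot be parsed is a design choice of this sketch.

```python
import ipaddress
import struct

IPCOMP = 108  # IANA protocol number for IPComp (RFC 3173)
HOPOPT, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60

def classify(packet: bytes) -> str:
    """Walk the IPv6 next-header chain and return a filter verdict."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "not-ipv6"
    next_hdr, offset = packet[6], 40
    while True:
        if next_hdr == IPCOMP:
            return "drop-ipcomp"
        if next_hdr not in (HOPOPT, ROUTING, FRAGMENT, AH, DSTOPTS):
            return "pass"  # upper-layer protocol reached (TCP, UDP, ...)
        if offset + 8 > len(packet):
            return "drop-truncated"  # fail closed on an unparseable chain
        if next_hdr == FRAGMENT:
            hdr_len = 8
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:  # later fragment: no further headers to walk
                return "drop-ipcomp" if packet[offset] == IPCOMP else "pass"
        elif next_hdr == AH:
            hdr_len = (packet[offset + 1] + 2) * 4  # length in 4-octet units
        else:
            hdr_len = (packet[offset + 1] + 1) * 8  # length in 8-octet units
        if offset + hdr_len > len(packet):
            return "drop-truncated"
        next_hdr, offset = packet[offset], offset + hdr_len

def ipv6(next_hdr: int, payload: bytes) -> bytes:
    """Build a constructed sample packet between documentation addresses."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return fixed + src + dst + payload

# Constructed samples (not captured traffic); IPComp header = next, flags, CPI
IPCOMP_HDR = bytes([17, 0, 1, 0])
SAMPLES = {
    "udp": ipv6(17, bytes(8)),
    "ipcomp": ipv6(IPCOMP, IPCOMP_HDR + bytes(8)),
    "dstopts+ipcomp": ipv6(DSTOPTS, bytes([IPCOMP, 0, 1, 4, 0, 0, 0, 0]) + IPCOMP_HDR),
    "truncated": ipv6(HOPOPT, bytes([58])),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} {classify(pkt)}")
```

The "dstopts+ipcomp" sample shows why a filter has to follow extension headers rather than test only the Next Header field of the fixed IPv6 header.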
Systems Affected
Vendor                                          Status          Date Updated
3com, Inc.                                      Unknown         30-Nov-2007
Alcatel                                         Unknown         30-Nov-2007
Apple Computer, Inc.                            Unknown         30-Nov-2007
AT&T                                            Unknown         30-Nov-2007
Avaya, Inc.                                     Unknown         30-Nov-2007
Avici Systems, Inc.                             Unknown         30-Nov-2007
Borderware Technologies                         Not Vulnerable  30-Jan-2008
Bro                                             Unknown         30-Nov-2007
CentOS                                          Unknown         21-Jan-2008
Charlotte's Web Networks                        Unknown         30-Nov-2007
Check Point Software Technologies               Unknown         30-Nov-2007
Chiaro Networks, Inc.                           Unknown         30-Nov-2007
Cisco Systems, Inc.                             Unknown         30-Nov-2007
Clavister                                       Unknown         30-Nov-2007
Computer Associates                             Not Vulnerable  1-Feb-2008
Computer Associates eTrust Security Management  Not Vulnerable  1-Feb-2008
Conectiva Inc.                                  Unknown         30-Nov-2007
Cray Inc.                                       Unknown         30-Nov-2007
D-Link Systems, Inc.                            Unknown         30-Nov-2007
Data Connection, Ltd.                           Unknown         30-Nov-2007
Debian GNU/Linux                                Not Vulnerable  6-Feb-2008
EMC Corporation                                 Unknown         30-Nov-2007
Engarde Secure Linux                            Unknown         30-Nov-2007
Enterasys Networks                              Unknown         30-Nov-2007
Ericsson                                        Unknown         30-Nov-2007
eSoft, Inc.                                     Unknown         30-Nov-2007
Extreme Networks                                Unknown         30-Nov-2007
F5 Networks, Inc.                               Unknown         30-Nov-2007
Fedora Project                                  Unknown         30-Nov-2007
Force10 Networks, Inc.                          Vulnerable      6-Feb-2008
Fortinet, Inc.                                  Unknown         30-Nov-2007
Foundry Networks, Inc.                          Unknown         30-Nov-2007
FreeBSD, Inc.                                   Vulnerable      6-Feb-2008
Fujitsu                                         Unknown         30-Nov-2007
Gentoo Linux                                    Unknown         30-Nov-2007
Global Technology Associates                    Not Vulnerable  12-Dec-2007
Hewlett-Packard Company                         Unknown         30-Nov-2007
Hitachi                                         Not Vulnerable  1-Feb-2008
Hyperchip                                       Unknown         30-Nov-2007
IBM Corporation                                 Not Vulnerable  6-Feb-2008
IBM Corporation (zseries)                       Unknown         30-Nov-2007
IBM eServer                                     Unknown         30-Nov-2007
Ingrian Networks, Inc.                          Unknown         30-Nov-2007
Intel Corporation                               Unknown         1-Feb-2008
Internet Security Systems, Inc.                 Not Vulnerable  6-Feb-2008
Intoto                                          Unknown         30-Nov-2007
IP Filter                                       Unknown         30-Nov-2007
Juniper Networks, Inc.                          Vulnerable      7-Feb-2008
KAME Project                                    Vulnerable      7-Feb-2008
Linksys (A division of Cisco Systems)           Unknown         30-Nov-2007
Lucent Technologies                             Unknown         30-Nov-2007
Luminous Networks                               Unknown         30-Nov-2007
m0n0wall                                        Unknown         30-Nov-2007
Mandriva, Inc.                                  Unknown         30-Nov-2007
McAfee                                          Not Vulnerable  12-Dec-2007
Microsoft Corporation                           Unknown         30-Nov-2007
MontaVista Software, Inc.                       Unknown         30-Nov-2007
Multinet (owned Process Software Corporation)   Unknown         30-Nov-2007
Multitech, Inc.                                 Unknown         30-Nov-2007
NEC Corporation                                 Unknown         30-Nov-2007
NetBSD                                          Vulnerable      12-Dec-2007
netfilter                                       Unknown         30-Nov-2007
Network Appliance, Inc.                         Unknown         30-Nov-2007
NextHop Technologies, Inc.                      Unknown         30-Nov-2007
Nokia                                           Unknown         5-Feb-2008
Nortel Networks, Inc.                           Unknown         30-Nov-2007
Novell, Inc.                                    Not Vulnerable  1-Feb-2008
OpenBSD                                         Unknown         30-Nov-2007
Openwall GNU/*/Linux                            Unknown         30-Nov-2007
PC-BSD                                          Unknown         5-Feb-2008
QNX, Software Systems, Inc.                     Vulnerable      1-Feb-2008
RadWare, Inc.                                   Unknown         5-Feb-2008
Red Hat, Inc.                                   Unknown         30-Nov-2007
Redback Networks, Inc.                          Not Vulnerable  5-Feb-2008
Riverstone Networks, Inc.                       Unknown         30-Nov-2007
Secure Computing Network Security Division      Not Vulnerable  12-Dec-2007
Secureworx, Inc.                                Unknown         30-Nov-2007
Silicon Graphics, Inc.                          Unknown         30-Nov-2007
Slackware Linux Inc.                            Unknown         30-Nov-2007
SmoothWall                                      Not Vulnerable  12-Dec-2007
Snort                                           Unknown         30-Nov-2007
Sony Corporation                                Unknown         30-Nov-2007
Sourcefire                                      Unknown         30-Nov-2007
Stonesoft                                       Unknown         30-Nov-2007
Sun Microsystems, Inc.                          Not Vulnerable  6-Feb-2008
SUSE Linux                                      Unknown         30-Nov-2007
Symantec, Inc.                                  Unknown         30-Nov-2007
The SCO Group                                   Not Vulnerable  12-Dec-2007
TippingPoint, Technologies, Inc.                Not Vulnerable  12-Dec-2007
Trustix Secure Linux                            Unknown         30-Nov-2007
Turbolinux                                      Unknown         30-Nov-2007
Ubuntu                                          Unknown         30-Nov-2007
Unisys                                          Unknown         30-Nov-2007
Watchguard Technologies, Inc.                   Unknown         30-Nov-2007
Wind River Systems, Inc.                        Unknown         30-Nov-2007
ZyXEL                                           Unknown         30-Nov-2007
References
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37
http://www.kame.net/
http://www.ietf.org/rfc/rfc3173.txt
http://secunia.com/advisories/28816/
http://secunia.com/advisories/28788/
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1
http://jvn.jp/cert/JVNVU%23110947/
Credit
Thanks to Shoichi Sakane of the KAME project for reporting this
vulnerability.
This document was written by Ryan Giobbi.
Other Information
Date Public               02/06/2008
Date First Published      02/06/2008 07:05:57 AM
Date Last Updated         02/07/2008
CERT Advisory
CVE Name                  CVE-2008-0177
US-CERT Technical Alerts
Metric                    4.39
Document Revision         32
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================