GNUnet Empty UDP Datagram Remote Denial of Service Vulnerability

Bugtraq ID:	17980
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-2413
Remote:	Yes
Local:	No
Published:	May 15 2006 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	Luigi Auriemma is credited with the discovery of this issue.
Vulnerable:	GNU GNUnet SVN Revision 2780 GNU GNUnet 0.7.0d
Not Vulnerable:	GNU GNUnet SVN Revision 2781

GNUnet Empty UDP Datagram Remote Denial of Service Vulnerability

A denial-of-service vulnerability affects GNUnet. This issue is due to the application's failure to properly handle malformed UDP datagrams.

The vulnerability allows remote attackers from external networks to crash the application, denying further service to legitimate users.

GNUnet versions 0.7.0d and SVN revision 2780 are affected by this issue; other versions may also be affected.

GNUnet Empty UDP Datagram Remote Denial of Service Vulnerability

Sample exploit code has been provided:

• /data/vulnerabilities/exploits/udpsz.zip

GNUnet Empty UDP Datagram Remote Denial of Service Vulnerability

Solution:
GNUnet SVN revision 2781 is available to address this issue.

Please see the references for vendor advisories and fixes.


GNU GNUnet SVN Revision 2780

• GNU GNUnet SVN Revision 2781
  https://gnunet.org/svn/GNUnet/

GNU GNUnet 0.7.0d

• GNU GNUnet SVN Revision 2781
  https://gnunet.org/svn/GNUnet/

GNUnet Empty UDP Datagram Remote Denial of Service Vulnerability

References:

• GNUnet Empty UDP Datagram Denial of Service Vulnerability (Luigi Auriemma)