OpenBSD ICMP6 Echo Request Remote Denial Of Service Vulnerability

Bugtraq ID:	22087
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Jan 16 2007 12:00AM
Updated:	Jan 18 2007 12:00AM
Credit:	The vendor disclosed this issue.
Vulnerable:	OpenBSD OpenBSD 4.0 OpenBSD OpenBSD 3.9
Not Vulnerable:

OpenBSD ICMP6 Echo Request Remote Denial Of Service Vulnerability

OpenBSD is prone to a remote denial-of-service vulnerability because of a flaw in the affected kernel when processing ICMP6 requests.

Exploiting this issue allows remote attackers to cause the kernel to enter an infinite loop, denying further service to legitimate users.

OpenBSD ICMP6 Echo Request Remote Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

OpenBSD ICMP6 Echo Request Remote Denial Of Service Vulnerability

Solution:
Fixes are available for OpenBSD 3.9 and 4.0. Please see the reference section for more information.


OpenBSD OpenBSD 4.0

• OpenBSD 008_icmp6.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/008_icmp6.patch

OpenBSD OpenBSD 3.9

• OpenBSD 018_icmp6.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/018_icmp6.patch

OpenBSD ICMP6 Echo Request Remote Denial Of Service Vulnerability

References:

• OpenBSD Errata Page (OpenBSD)
  
• OpenBSD Homepage (OpenBSD)