OpenBSD ICMPV6 Packet Handling Remote Buffer Overflow Vulnerability
BID:22901
Info
| Bugtraq ID: | 22901 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1365 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2007 12:00AM |
| Updated: | Nov 03 2007 12:06AM |
| Credit: | Alfredo Ortega from Core Security Technologies is credited with the discovery of this vulnerability. |
| Vulnerable: | OpenBSD 4.1, OpenBSD 4.0, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, OpenBSD 3.1 |
| Not Vulnerable: | |
Discussion
OpenBSD is prone to a remote buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
A remote attacker can exploit this issue to execute arbitrary code with kernel-level privileges or to crash the affected computer. Successful exploits will result in a complete compromise of vulnerable computers or cause denial-of-service conditions.
Exploit / POC
An attacker can exploit this issue by using standard network utilities.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit code is available:
Solution / Fix
Solution:
The vendor released updates to address this issue. Please see the references for more information.
- OpenBSD 4.0: 010_m_dup1.patch (ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/010_m_dup1.patch)
- OpenBSD 3.9: 020_m_dup1.patch (ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/020_m_dup1.patch)
References
References:
- OpenBSD Errata Page (OpenBSD)
- OpenBSD Homepage (OpenBSD)
- Vulnerability Note VU#986425 (US-CERT)