FreeBSD Malformed ICMPv6 Packet Remote Denial Of Service Vulnerability
BID:31004
Info
| Bugtraq ID: | 31004 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2008-3530 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2008 12:00AM |
| Updated: | May 13 2009 06:46PM |
| Credit: | Tom Parker and Bjoern A. Zeeb |
| Vulnerable: | NetBSD NetBSD 3.0.2; NetBSD NetBSD 3.0.1; NetBSD NetBSD Current; NetBSD NetBSD 4.0 BETA2; NetBSD NetBSD 4.0; NetBSD NetBSD 4,0_Beta; NetBSD NetBSD 3.1_RC3; NetBSD NetBSD 3.1; NetBSD NetBSD 3.1; Navision Financials Server 3.0; FreeBSD FreeBSD 6.0 -STABLE; FreeBSD FreeBSD 7.0-RELEASE; FreeBSD FreeBSD 7.0 -RELENG; FreeBSD FreeBSD 6.3 -RELENG; Apple Mac OS X Server 10.5.6; Apple Mac OS X Server 10.5.5; Apple Mac OS X Server 10.5.4; Apple Mac OS X Server 10.5.3; Apple Mac OS X Server 10.5.2; Apple Mac OS X Server 10.5.1; Apple Mac OS X Server 10.5; Apple Mac OS X 10.5.6; Apple Mac OS X 10.5.5; Apple Mac OS X 10.5.4; Apple Mac OS X 10.5.3; Apple Mac OS X 10.5.2; Apple Mac OS X 10.5.1; Apple Mac OS X 10.5; Apple AirPort Extreme Base Station 0; Apple AirPort Express Firmware 6.3; Apple AirPort Express Firmware 6.1; Apple AirPort Base Station |
| Not Vulnerable: | Apple Time Capsule Firmware 7.4.1; Apple Mac OS X Server 10.5.7; Apple Mac OS X 10.5.7; Apple AirPort Extreme Base Station with 802.11n Firmware 7.4.1; Apple AirPort Express Base Station with 802.11n Firmware 7.4.1 |
Discussion
FreeBSD is prone to a remote denial-of-service vulnerability.
Remote attackers can exploit this issue to cause the kernel's TCP stack to panic, denying service to legitimate users.
Exploit / POC
Attackers can use readily available network tools to exploit this issue.
Solution / Fix
Solution:
The vendor has released an advisory and fixes. Please see the references for more information.
Apple Mac OS X Server 10.5
- Apple MacOSXServerUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5
- Apple MacOSXUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
FreeBSD FreeBSD 6.3 -RELENG
- FreeBSD icmp6.patch
  http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch
FreeBSD FreeBSD 7.0 -RELENG
- FreeBSD icmp6.patch
  http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch
Apple Mac OS X 10.5.1
- Apple MacOSXUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.1
- Apple MacOSXServerUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.2
- Apple MacOSXUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.2
- Apple MacOSXServerUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.3
- Apple MacOSXUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.3
- Apple MacOSXServerUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.4
- Apple MacOSXUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.4
- Apple MacOSXServerUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.5
- Apple MacOSXServerUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.5
- Apple MacOSXUpdCombo10.5.7.dmg
  http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.6
- Apple MacOSXUpd10.5.7.dmg
  http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg
Apple Mac OS X Server 10.5.6
- Apple MacOSXServerUpd10.5.7.dmg
  http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg
FreeBSD FreeBSD 6.0 -STABLE
- FreeBSD icmp6.patch
  http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch
References
References: