===========================================================================
             AUSCERT External Security Bulletin Redistribution

                       ESB-2008.0131 -- [UNIX/Linux]
      KAME project IPv6 IPComp header denial of service vulnerability
                              8 February 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              The KAME project's IPv6 implementation
Publisher:            US-CERT
Operating System:     UNIX variants (UNIX, Linux, OSX)
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-0177

Original Bulletin:    http://www.kb.cert.org/vuls/id/110947

--------------------------BEGIN INCLUDED TEXT--------------------

US-CERT Vulnerability Note VU#110947

KAME project IPv6 IPComp header denial of service vulnerability

Overview

   The KAME project's IPv6 implementation does not properly process IPv6
   packets that contain the IPComp header. If exploited, this
   vulnerability may allow an attacker to cause a vulnerable system to
   crash.

I. Description

   Per RFC 3173:
       IP payload compression is a protocol to reduce the size of IP
       datagrams. This protocol will increase the overall communication
       performance between a pair of communicating hosts/gateways
       ("nodes") by compressing the datagrams, provided the nodes have
       sufficient computation power, through either CPU capacity or a
       compression coprocessor, and the communication is over slow or
       congested links.

   Systems that have IPv6 networking derived from the KAME project
   IPv6 implementation may not properly process IPv6 packets that contain
   an IPComp header. An attacker can exploit this vulnerability by
   sending an IPv6 packet with an IPComp header to a vulnerable system.

II. Impact

   A remote, unauthenticated attacker can cause a vulnerable system to
   crash.

III. Solution

   See the systems affected section of this document for a partial list
   of affected vendors. Administrators who compile their kernel from
   source should see
   http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information.

   Restrict access
   Until updates can be applied, using a packet-filtering firewall to
   block IPv6 packets that contain the IPComp header may prevent this
   vulnerability from being exploited by remote attackers.
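
   The filtering workaround above depends on recognising the IPComp header
   wherever it sits in the IPv6 header chain, not only directly after the
   fixed header. The following is an added example, not part of the original
   bulletin: it classifies constructed sample packets, using protocol number
   108 and the header layout from RFC 3173; all function and sample names are
   illustrative.

```python
import ipaddress
import struct

IPCOMP = 108              # IANA protocol number for IPComp (RFC 3173)
EXT_8OCTET = {0, 43, 60}  # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH = 44, 51
CHAIN = EXT_8OCTET | {FRAGMENT, AH}

def find_ipcomp(pkt: bytes):
    """Return ('ipcomp', cpi), ('clean', proto) or ('undecidable', why)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ("undecidable", "no complete IPv6 header")
    nxt, off = pkt[6], 40
    while True:
        if nxt == IPCOMP:  # header layout: next header, flags, 16-bit CPI
            cpi = struct.unpack_from("!H", pkt, off + 2)[0] if len(pkt) >= off + 4 else None
            return ("ipcomp", cpi)
        if nxt not in CHAIN:
            return ("clean", nxt)  # upper-layer protocol (or opaque ESP) reached
        if len(pkt) < off + 8:     # every header walked here is at least 8 octets
            return ("undecidable", "truncated extension header")
        if nxt == FRAGMENT:
            later = struct.unpack_from("!H", pkt, off + 2)[0] >> 3
            nxt, off = pkt[off], off + 8
            if later:  # non-first fragment: only its Next Header field is usable
                if nxt == IPCOMP:
                    return ("ipcomp", None)
                return ("undecidable", "non-first fragment") if nxt in CHAIN else ("clean", nxt)
        elif nxt == AH:            # AH length field counts 4-octet units, minus 2
            nxt, off = pkt[off], off + (pkt[off + 1] + 2) * 4
        else:                      # length field counts 8-octet units, minus 1
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8

def build_ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet between documentation addresses."""
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

# Constructed sample input (not captured traffic).
IPCOMP_HDR = bytes([6, 0, 0, 2]) + b"\x00" * 8  # next=TCP, flags=0, CPI=2
SAMPLES = {
    "direct": build_ipv6(IPCOMP, IPCOMP_HDR),
    "behind_dstopts": build_ipv6(60, bytes([IPCOMP, 0, 1, 4, 0, 0, 0, 0]) + IPCOMP_HDR),
    "plain_tcp": build_ipv6(6, b"\x00" * 20),
    "truncated": build_ipv6(60, b"\x6c"),
}
RESULTS = {name: find_ipcomp(pkt) for name, pkt in SAMPLES.items()}
```

   A filter built on this logic should treat "undecidable" the same as
   "ipcomp" until patched kernels are deployed, so that a malformed chain
   cannot hide the header.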

Systems Affected

 Vendor                                             Status         Date Updated
 3com, Inc.                                         Unknown        30-Nov-2007
 Alcatel                                            Unknown        30-Nov-2007
 Apple Computer, Inc.                               Unknown        30-Nov-2007
 AT&T                                               Unknown        30-Nov-2007
 Avaya, Inc.                                        Unknown        30-Nov-2007
 Avici Systems, Inc.                                Unknown        30-Nov-2007
 Borderware Technologies                            Not Vulnerable 30-Jan-2008
 Bro                                                Unknown        30-Nov-2007
 CentOS                                             Unknown        21-Jan-2008
 Charlotte's Web Networks                           Unknown        30-Nov-2007
 Check Point Software Technologies                  Unknown        30-Nov-2007
 Chiaro Networks, Inc.                              Unknown        30-Nov-2007
 Cisco Systems, Inc.                                Unknown        30-Nov-2007
 Clavister                                          Unknown        30-Nov-2007
 Computer Associates                                Not Vulnerable 1-Feb-2008
 Computer Associates eTrust Security Management     Not Vulnerable 1-Feb-2008
 Conectiva Inc.                                     Unknown        30-Nov-2007
 Cray Inc.                                          Unknown        30-Nov-2007
 D-Link Systems, Inc.                               Unknown        30-Nov-2007
 Data Connection, Ltd.                              Unknown        30-Nov-2007
 Debian GNU/Linux                                   Not Vulnerable 6-Feb-2008
 EMC Corporation                                    Unknown        30-Nov-2007
 Engarde Secure Linux                               Unknown        30-Nov-2007
 Enterasys Networks                                 Unknown        30-Nov-2007
 Ericsson                                           Unknown        30-Nov-2007
 eSoft, Inc.                                        Unknown        30-Nov-2007
 Extreme Networks                                   Unknown        30-Nov-2007
 F5 Networks, Inc.                                  Unknown        30-Nov-2007
 Fedora Project                                     Unknown        30-Nov-2007
 Force10 Networks, Inc.                             Vulnerable     6-Feb-2008
 Fortinet, Inc.                                     Unknown        30-Nov-2007
 Foundry Networks, Inc.                             Unknown        30-Nov-2007
 FreeBSD, Inc.                                      Vulnerable     6-Feb-2008
 Fujitsu                                            Unknown        30-Nov-2007
 Gentoo Linux                                       Unknown        30-Nov-2007
 Global Technology Associates                       Not Vulnerable 12-Dec-2007
 Hewlett-Packard Company                            Unknown        30-Nov-2007
 Hitachi                                            Not Vulnerable 1-Feb-2008
 Hyperchip                                          Unknown        30-Nov-2007
 IBM Corporation                                    Not Vulnerable 6-Feb-2008
 IBM Corporation (zseries)                          Unknown        30-Nov-2007
 IBM eServer                                        Unknown        30-Nov-2007
 Ingrian Networks, Inc.                             Unknown        30-Nov-2007
 Intel Corporation                                  Unknown        1-Feb-2008
 Internet Security Systems, Inc.                    Not Vulnerable 6-Feb-2008
 Intoto                                             Unknown        30-Nov-2007
 IP Filter                                          Unknown        30-Nov-2007
 Juniper Networks, Inc.                             Vulnerable     7-Feb-2008
 KAME Project                                       Vulnerable     7-Feb-2008
 Linksys (A division of Cisco Systems)              Unknown        30-Nov-2007
 Lucent Technologies                                Unknown        30-Nov-2007
 Luminous Networks                                  Unknown        30-Nov-2007
 m0n0wall                                           Unknown        30-Nov-2007
 Mandriva, Inc.                                     Unknown        30-Nov-2007
 McAfee                                             Not Vulnerable 12-Dec-2007
 Microsoft Corporation                              Unknown        30-Nov-2007
 MontaVista Software, Inc.                          Unknown        30-Nov-2007
 Multinet (owned Process Software Corporation)      Unknown        30-Nov-2007
 Multitech, Inc.                                    Unknown        30-Nov-2007
 NEC Corporation                                    Unknown        30-Nov-2007
 NetBSD                                             Vulnerable     12-Dec-2007
 netfilter                                          Unknown        30-Nov-2007
 Network Appliance, Inc.                            Unknown        30-Nov-2007
 NextHop Technologies, Inc.                         Unknown        30-Nov-2007
 Nokia                                              Unknown        5-Feb-2008
 Nortel Networks, Inc.                              Unknown        30-Nov-2007
 Novell, Inc.                                       Not Vulnerable 1-Feb-2008
 OpenBSD                                            Unknown        30-Nov-2007
 Openwall GNU/*/Linux                               Unknown        30-Nov-2007
 PC-BSD                                             Unknown        5-Feb-2008
 QNX, Software Systems, Inc.                        Vulnerable     1-Feb-2008
 RadWare, Inc.                                      Unknown        5-Feb-2008
 Red Hat, Inc.                                      Unknown        30-Nov-2007
 Redback Networks, Inc.                             Not Vulnerable 5-Feb-2008
 Riverstone Networks, Inc.                          Unknown        30-Nov-2007
 Secure Computing Network Security Division         Not Vulnerable 12-Dec-2007
 Secureworx, Inc.                                   Unknown        30-Nov-2007
 Silicon Graphics, Inc.                             Unknown        30-Nov-2007
 Slackware Linux Inc.                               Unknown        30-Nov-2007
 SmoothWall                                         Not Vulnerable 12-Dec-2007
 Snort                                              Unknown        30-Nov-2007
 Sony Corporation                                   Unknown        30-Nov-2007
 Sourcefire                                         Unknown        30-Nov-2007
 Stonesoft                                          Unknown        30-Nov-2007
 Sun Microsystems, Inc.                             Not Vulnerable 6-Feb-2008
 SUSE Linux                                         Unknown        30-Nov-2007
 Symantec, Inc.                                     Unknown        30-Nov-2007
 The SCO Group                                      Not Vulnerable 12-Dec-2007
 TippingPoint, Technologies, Inc.                   Not Vulnerable 12-Dec-2007
 Trustix Secure Linux                               Unknown        30-Nov-2007
 Turbolinux                                         Unknown        30-Nov-2007
 Ubuntu                                             Unknown        30-Nov-2007
 Unisys                                             Unknown        30-Nov-2007
 Watchguard Technologies, Inc.                      Unknown        30-Nov-2007
 Wind River Systems, Inc.                           Unknown        30-Nov-2007
 ZyXEL                                              Unknown        30-Nov-2007

References

   http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37
   http://www.kame.net/
   http://www.ietf.org/rfc/rfc3173.txt
   http://secunia.com/advisories/28816/
   http://secunia.com/advisories/28788/
   http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1
   http://jvn.jp/cert/JVNVU%23110947/

Credit

   Thanks to Shoichi Sakane of the KAME project for reporting this
   vulnerability.

   This document was written by Ryan Giobbi.

Other Information

                Date Public 02/06/2008
       Date First Published 02/06/2008 07:05:57 AM
          Date Last Updated 02/07/2008
              CERT Advisory
                   CVE Name CVE-2008-0177
   US-CERT Technical Alerts
                     Metric 4.39
          Document Revision 32


--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
