Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.0131 -- [UNIX/Linux] KAME project IPv6 IPComp header denial of service vulnerability 8 February 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: The KAME project's IPv6 implementation Publisher: US-CERT Operating System: UNIX variants (UNIX, Linux, OSX) Impact: Denial of Service Access: Remote/Unauthenticated CVE Names: CVE-2008-0177 Original Bulletin: http://www.kb.cert.org/vuls/id/110947 - --------------------------BEGIN INCLUDED TEXT-------------------- US-CERT Vulnerability Note VU#110947 KAME project IPv6 IPComp header denial of service vulnerability Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. I. Description Per RFC 3173: IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links. Systems that have IPv6 networking derived from the KAME project IPv6 implementation may not properly process IPv6 packets that contain an IPComp header. An attacker can exploit this vulnerability by sending an IPv6 packet with a IPComp header to a vulnerable system. II. Impact A remote, unauthenticated attacker can cause a vulnerable system to crash. III. Solution See the systems affected section of this document for a partial list of affected vendors. Administrators who compile their kernel from source should see http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 for more information. Restrict access Until updates can be applied, using a packet-filtering firewall to block IPv6 packets that contain the IPComp header may prevent this vulnerability from being exploited by remote attackers. Systems Affected Vendor Status Date Updated 3com, Inc. Unknown 30-Nov-2007 Alcatel Unknown 30-Nov-2007 Apple Computer, Inc. Unknown 30-Nov-2007 AT&T Unknown 30-Nov-2007 Avaya, Inc. Unknown 30-Nov-2007 Avici Systems, Inc. Unknown 30-Nov-2007 Borderware Technologies Not Vulnerable 30-Jan-2008 Bro Unknown 30-Nov-2007 CentOS Unknown 21-Jan-2008 Charlotte's Web Networks Unknown 30-Nov-2007 Check Point Software Technologies Unknown 30-Nov-2007 Chiaro Networks, Inc. Unknown 30-Nov-2007 Cisco Systems, Inc. Unknown 30-Nov-2007 Clavister Unknown 30-Nov-2007 Computer Associates Not Vulnerable 1-Feb-2008 Computer Associates eTrust Security Management Not Vulnerable 1-Feb-2008 Conectiva Inc. Unknown 30-Nov-2007 Cray Inc. Unknown 30-Nov-2007 D-Link Systems, Inc. Unknown 30-Nov-2007 Data Connection, Ltd. Unknown 30-Nov-2007 Debian GNU/Linux Not Vulnerable 6-Feb-2008 EMC Corporation Unknown 30-Nov-2007 Engarde Secure Linux Unknown 30-Nov-2007 Enterasys Networks Unknown 30-Nov-2007 Ericsson Unknown 30-Nov-2007 eSoft, Inc. Unknown 30-Nov-2007 Extreme Networks Unknown 30-Nov-2007 F5 Networks, Inc. Unknown 30-Nov-2007 Fedora Project Unknown 30-Nov-2007 Force10 Networks, Inc. Vulnerable 6-Feb-2008 Fortinet, Inc. Unknown 30-Nov-2007 Foundry Networks, Inc. Unknown 30-Nov-2007 FreeBSD, Inc. Vulnerable 6-Feb-2008 Fujitsu Unknown 30-Nov-2007 Gentoo Linux Unknown 30-Nov-2007 Global Technology Associates Not Vulnerable 12-Dec-2007 Hewlett-Packard Company Unknown 30-Nov-2007 Hitachi Not Vulnerable 1-Feb-2008 Hyperchip Unknown 30-Nov-2007 IBM Corporation Not Vulnerable 6-Feb-2008 IBM Corporation (zseries) Unknown 30-Nov-2007 IBM eServer Unknown 30-Nov-2007 Ingrian Networks, Inc. Unknown 30-Nov-2007 Intel Corporation Unknown 1-Feb-2008 Internet Security Systems, Inc. Not Vulnerable 6-Feb-2008 Intoto Unknown 30-Nov-2007 IP Filter Unknown 30-Nov-2007 Juniper Networks, Inc. Vulnerable 7-Feb-2008 KAME Project Vulnerable 7-Feb-2008 Linksys (A division of Cisco Systems) Unknown 30-Nov-2007 Lucent Technologies Unknown 30-Nov-2007 Luminous Networks Unknown 30-Nov-2007 m0n0wall Unknown 30-Nov-2007 Mandriva, Inc. Unknown 30-Nov-2007 McAfee Not Vulnerable 12-Dec-2007 Microsoft Corporation Unknown 30-Nov-2007 MontaVista Software, Inc. Unknown 30-Nov-2007 Multinet (owned Process Software Corporation) Unknown 30-Nov-2007 Multitech, Inc. Unknown 30-Nov-2007 NEC Corporation Unknown 30-Nov-2007 NetBSD Vulnerable 12-Dec-2007 netfilter Unknown 30-Nov-2007 Network Appliance, Inc. Unknown 30-Nov-2007 NextHop Technologies, Inc. Unknown 30-Nov-2007 Nokia Unknown 5-Feb-2008 Nortel Networks, Inc. Unknown 30-Nov-2007 Novell, Inc. Not Vulnerable 1-Feb-2008 OpenBSD Unknown 30-Nov-2007 Openwall GNU/*/Linux Unknown 30-Nov-2007 PC-BSD Unknown 5-Feb-2008 QNX, Software Systems, Inc. Vulnerable 1-Feb-2008 RadWare, Inc. Unknown 5-Feb-2008 Red Hat, Inc. Unknown 30-Nov-2007 Redback Networks, Inc. Not Vulnerable 5-Feb-2008 Riverstone Networks, Inc. Unknown 30-Nov-2007 Secure Computing Network Security Division Not Vulnerable 12-Dec-2007 Secureworx, Inc. Unknown 30-Nov-2007 Silicon Graphics, Inc. Unknown 30-Nov-2007 Slackware Linux Inc. Unknown 30-Nov-2007 SmoothWall Not Vulnerable 12-Dec-2007 Snort Unknown 30-Nov-2007 Sony Corporation Unknown 30-Nov-2007 Sourcefire Unknown 30-Nov-2007 Stonesoft Unknown 30-Nov-2007 Sun Microsystems, Inc. Not Vulnerable 6-Feb-2008 SUSE Linux Unknown 30-Nov-2007 Symantec, Inc. Unknown 30-Nov-2007 The SCO Group Not Vulnerable 12-Dec-2007 TippingPoint, Technologies, Inc. Not Vulnerable 12-Dec-2007 Trustix Secure Linux Unknown 30-Nov-2007 Turbolinux Unknown 30-Nov-2007 Ubuntu Unknown 30-Nov-2007 Unisys Unknown 30-Nov-2007 Watchguard Technologies, Inc. Unknown 30-Nov-2007 Wind River Systems, Inc. Unknown 30-Nov-2007 ZyXEL Unknown 30-Nov-2007 References http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 http://www.kame.net/ http://www.ietf.org/rfc/rfc3173.txt http://secunia.com/advisories/28816/ http://secunia.com/advisories/28788/ http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1 http://jvn.jp/cert/JVNVU%23110947/ Credit Thanks to Shoichi Sakane of the KAME project for reporting this vulnerability. This document was written by Ryan Giobbi. Other Information Date Public 02/06/2008 Date First Published 02/06/2008 07:05:57 AM Date Last Updated 02/07/2008 CERT Advisory CVE Name CVE-2008-0177 US-CERT Technical Alerts Metric 4.39 Document Revision 32 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBR6ub4ih9+71yA2DNAQLwjwP+O/G28vjQrswUlLxVNyav4R/5HqTy4Eo4 B6Yu5u+mBKqs2MM4ABzvRIEG3EfArXiTef0+tkpPVYQ+6MpCEz/FBV4Xvj1KLwEP jiM/NOxKlKwYFT6nSmICRpGJLirhkfOm4IFo+t1u8yLTwZ8LabBBrs1xnnwbDeeK 0w0LxB5S40I= =9Pe+ -----END PGP SIGNATURE-----