OSVDB ID: 33050

Title: OpenBSD kern/uipc_mbuf2.c mbuf Crafted ICMP6 Packet Remote Code Execution

Info

Disclosure

Feb 26, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in OpenBSD. The kernel fails to properly allocate kernel memory buffers when handling ICMP6 packets resulting in a buffer overflow. With a specially crafted packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Products

OpenBSD	OpenBSD	3.9
		4.0

References

Bugtraq ID: 22901
CERT VU: 986425
Other Advisory URL: http://undeadly.org/cgi?action=article&sid=20070308154628&mode=expanded
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1703
Vendor Specific Advisory URL: http://www.openbsd.org/errata39.html#m_dup1
http://www.openbsd.org/errata40.html#m_dup1
Secunia Advisory ID: 24490
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0158.html
http://attrition.org/pipermail/vim/2007-March/001420.html
CVE ID: 2007-1365 (see also: NVD)
Security Tracker: 1017735 1017744
News Article: http://news.com.com/OpenBSD+hit+by+critical+IPv6+flaw/2100-1002_3-6167193.html

Credit

Alfredo Ortega -

Direct URL: http://osvdb.org/36218