Lucene search

FreeBSD2F794295-7B69-11DD-80BA-000BCDF0A03B

HistorySep 03, 2008 - 12:00 a.m.

FreeBSD -- Remote kernel panics on IPv6 connections

2008-09-0300:00:00

vuxml.freebsd.org

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON

Problem Description:
In case of an incoming ICMPv6 ‘Packet Too Big Message’, there
is an insufficient check on the proposed new MTU for a path to
the destination.
Impact:
When the kernel is configured to process IPv6 packets and has
active IPv6 TCP sockets, a specifically crafted ICMPv6 ‘Packet
Too Big Message’ could cause the TCP stack of the kernel to
panic.
Workaround:
Systems without INET6 / IPv6 support are not vulnerable and
neither are systems which do not listen on any IPv6 TCP sockets
and have no active IPv6 connections.
Filter ICMPv6 ‘Packet Too Big Messages’ using a firewall, but
this will at the same time break PMTU support for IPv6
connections.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd= 6.3UNKNOWN
FreeBSDanynoarchfreebsd< 6.3_4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freebsd	= 6.3	UNKNOWN
FreeBSD	any	noarch	freebsd	< 6.3_4	UNKNOWN

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.018 Low

EPSS

Percentile

87.9%

JSON

Related for 2F794295-7B69-11DD-80BA-000BCDF0A03B