OpenBSD kern/uipc_mbuf2.c mbuf Crafted ICMP6 Packet Remote Code Execution

2007-02-26T14:03:52
ID OSVDB:33050
Type osvdb
Reporter Alfredo Ortega()
Modified 2007-02-26T14:03:52

Description

Vulnerability Description

A remote overflow exists in OpenBSD. The kernel fails to properly allocate kernel memory buffers when handling ICMP6 packets resulting in a buffer overflow. With a specially crafted packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Short Description

A remote overflow exists in OpenBSD. The kernel fails to properly allocate kernel memory buffers when handling ICMP6 packets resulting in a buffer overflow. With a specially crafted packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1017744 Security Tracker: 1017735 Secunia Advisory ID:24490 Other Advisory URL: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1703 Other Advisory URL: http://undeadly.org/cgi?action=article&sid=20070308154628&mode=expanded News Article: http://news.com.com/OpenBSD+hit+by+critical+IPv6+flaw/2100-1002_3-6167193.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0158.html Mail List Post: http://attrition.org/pipermail/vim/2007-March/001420.html CVE-2007-1365 CERT VU: 986425 Bugtraq ID: 22901