1046 matches found
Race condition
Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812...
Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition. The vulnerability is...
tcp(port&seq) backdoor
Author: slashd. What is this? An implementation of a covert channel for transferring data to a server using standard fields, in our case the SEQ and Source Port fields of the TCP header. Theoretical part. Covert data transfer using the TCP header can be implemented in several ways. The client (the hacker) initiating...
Amazon Linux AMI : kernel (ALAS-2011-26)
IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important) A signedness issue was found in the Linux kernel's CIFS (Common Internet File System) implementatio...
Immunity Canvas: NGINX_CHUNK
Name| nginxchunk ---|--- CVE| cve-2013-2028 Exploit Pack| CANVAS Description| Nginx Chunked Encoding Exploit Notes| CVE Name: cve-2013-2028 VENDOR: Nginx Repeatability: The repeatability of this exploit depends on the number of nginx worker processes configured in conf/nginx.conf; the default is ...
Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution
Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution ============================= ==== General Information ==== ============================= == Executive Summary == The function TCPIPIPV6ProcessFragmentationHeader does not correctly validate the "fragment offset" field i...
[IPv6 Toolkit v1.3.4] A security assessment and troubleshooting tool for the IPv6 protocols
A security assessment and troubleshooting tool for the IPv6 protocols. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. Changelog v1.3.4 IPv6-host tracking support in the scan6 tool. A new tool, address6, to analyze IPv6...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
[Snort 2.9.4.1] Network Intrusion Detection System
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Snort has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and conte...
[IPv6 Toolkit v1.3] Security Assessment and Troubleshooting Tool for the IPv6 Protocols
A security assessment and troubleshooting tool for the IPv6 protocols. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. Supported platforms The following platforms are supported: FreeBSD, NetBSD, OpenBSD, Linux, and Mac O...
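Linux kernel IPv6 fragmentation denial of service vulnerability (CVE-2012-4444)
CVE ID: CVE-2012-4444 Linux is an open-source operating system. The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel has a security vulnerability in its handling of overlapping fragments; an attacker can exploit this vulnerability to bypass the target firewall's security restrictions and access unauthorized resources. 0 Linux kernel versions before 2.6.36 Vendor solution: users can refer to the following vendor security advisory for patch information: https://github.com/torvalds/linux/commit/70789d7052239992824628db8133de08dc78e593...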
kernel: net: acceptation of overlapping ipv6 fragments
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments...
CVE-2012-4445
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing...
Design/Logic Flaw
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device...
CVE-2011-4007
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576...
kernel: wrong headroom check in udp6_ufo_fragment()
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix several security issues and two bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...
Sourcefire Snort Packet Fragmentation Reassembly Denial of Service (CVE-2007-1398)
A denial of service vulnerability has been reported in Sourcefire Snort. The vulnerability is due to an error in Snort Intrusion Detection System when it reassembles fragmented packets. A remote attacker may exploit this vulnerability by sending malicious packets over UDP to an affected service...