Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

OpenBSD 4.3/4.4/4.5 (IP datagrams) Remote DOS Vulnerability

🗓️ 14 Apr 2009 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 11 Views

OpenBSD IP datagrams Remote DOS Vulnerability in OpenBSD 4.3/4.4/4.

Code

                                                                     _   _ _____ _     ___ _____ _   _
                   / / / / ____/ /   /  _/_  __/ / / /
                  / /_/ / __/ / /    / /  / / / /_/ /
                 / __  / /___/ /____/ /  / / / __  /
                /_/ /_/_____/_____/___/ /_/ /_/ /_/
                           Helith - 0815
--------------------------------------------------------------------------------

Author		 : Rembrandt
Date		 : 2009-04-09
Affected Software: OpenBSD Kernel
Affected OS	 : OpenBSD 4.{3,4,5}, OpenBSD-current
		   Propably older versions are affected as well
Type		 : Denial of Service

OSVDB		 : 
Milw0rm		 : 
CVE		 : 
ISS X-Force:	 : 
BID		 : 
Secunia		 : 34676 
VUPEN ID	 : 

Trying to fix it responsible and get in contact with the vendor:

-- OpenBSD --
Contacted 		2009-04-09 15:35 GMT+1
Patch avaiable		2009-04-11 23:43 UTC

We received no response nor a notification about an upcoming patch by
the developers.
-- END --

OpenBSDs PF firewall in OpenBSD 4.3 up to OpenBSD-current is prone to a 
remote Denial of Service during a null pointer dereference in relation with
special crafted IP datagrams. If the firewall handles such a packet the kernel
panics.


Steps to reproduce:

If you are behind a OpenBSD firewall this nmap scan should trigger the problem
and crash your firewall device:

nmap -sO $some_host_so_that_the_firewall_handles_the_packets

For more informations please do read the patch issued by OpenBSD.


Patches and Workaround:

Patches are provided for OpenBSD 4.3, 4.4, 4.5 (upcoming, release 1st of may)
and OpenBSD-current (via CVS only) and are avaiable at the errata website.
The developers provide hints for a workaround at their errata website too.

Kind regards,
Rembrandt

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Apr 2009 00:00Current
7.1High risk
Vulners AI Score7.1
openbsdremote dosvulnerabilityip datagramskernelfirewall
11