SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Pf Vendors:   OpenBSD
OpenBSD pf(4) Packet Filter Function Can Be Crashed By Remote Users Sending Certain IPv6 ICMP Packets
SecurityTracker Alert ID:  1002749
SecurityTracker URL:  http://securitytracker.com/id/1002749
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 14 2001
Impact:   Denial of service via network


Description:   OpenBSD reported a denial of service vulnerability in the pf packet filter function for OpenBSD. A remote user can cause the packet filter to crash.

It is reported that pf(4) does not properly process certain IPv6 icmp packets, allowing a remote user to send a specially crafted packet to the packet filter to cause the packet filter to crash.

The pf interface is a packet filter pseudo-device for IPv4 and IPv6 that was introduced in OpenBSD version 3.0.

Impact:   A remote user can cause the packet filter to crash.
Solution:   OpenBSD has issued a source code patch to fix the problem:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (OpenBSD)

Message History:   None.


 Source Message Contents

Subject:  OpenBSD pf(4) IPv6 ICMP Flaw


006: SECURITY FIX: November 13, 2001 

pf(4) was incapable of dealing with certain ipv6 icmp packets, resulting
in a crash.  The pf interface is a packet filter pseudo-device for IPv4
and IPv6.

A source code patch exists which remedies the problem:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/006_pf.patch


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC