SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kaspersky Internet Security Vendors:   Kaspersky Lab
Kaspersky Internet Security IPv6 Processing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1028244
SecurityTracker URL:  http://securitytracker.com/id/1028244
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Mar 5 2013
Original Entry Date:  Mar 4 2013
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2013
Description:   A vulnerability was reported in Kaspersky Internet Security. A remote user can cause denial of service conditions.

A remote user can send a specially crafted fragmented IPv6 packet to cause the target system to freeze.

The Kaspersky Anti-Virus NDIS 6 Filter is affected.

The vendor was notified on January 21, 2013 without response.

Marc Heuse reported this vulnerability.

Impact:   A remote user can cause the target system to freeze.
Solution:   The vendor has issued a fix, available from customer support.

The fix to be available via automatic update is pending.

Vendor URL:  www.kaspersky.com/ (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Remote system freeze thanks to Kaspersky Internet Security 2013

I usually do not write security advisories unless absolutely necessary.

This time I should, however I have neither the time, nor the desire to
do so.
But Kaspersky did not react, so ... quick and dirty:

Kaspersky Internet Security 2013 (and any other Kaspersky product which
includes the firewall funcionality) is susceptible to a remote system
freeze.
As of the 3rd March 2013, the bug is still unfixed.

If IPv6 connectivity to a victim is possible (which is always the case
on local networks), a fragmented packet with multiple but one large
extension header leads to a complete freeze of the operating system.
No log message or warning window is generated, nor is the system able to
perform any task.

To test:
  1. download the thc-ipv6 IPv6 protocol attack suite for Linux from
www.thc.org/thc-ipv6
  2. compile the tools with "make"
  3. run the following tool on the target:
	firewall6 <interface> <target> <port> 19
     where interface is the network interface (e.g. eth0)
           target is the IPv6 address of the victim (e.g. ff02::1)
           port is any tcp port, doesnt matter which (e.g. 80)
       and 19 is the test case number.
     The test case numbers 18, 19, 20 and 21 lead to a remote system freeze.

Solution: Remove the Kaspersky Anti-Virus NDIS 6 Filter from all network
interfaces or uninstall the Kaspersky software until a fix is provided.

The bug was reported to Kaspersky first on the 21st January 2013, then
reminded on the 14th Feburary 2013.
No feedback was given by Kaspersky, and the reminder contained a warning
that without feedback the bug would be disclosed on this day. So here we
are.

Greets,
Marc Heuse

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC