FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3530

This CVE name corresponds to:

Entered Topic
2008-09-05 FreeBSD -- Remote kernel panics on IPv6 connections

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3530 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-3530
Phase Assigned(20080807)

Description

sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.

References

Source Reference
CONFIRM http://support.apple.com/kb/HT3467
CONFIRM http://support.apple.com/kb/HT3549
APPLE APPLE-SA-2009-05-12
FREEBSD FreeBSD-SA-08:09
NETBSD NetBSD-SA2008-015
CERT TA09-133A
BID 31004
SECTRACK 1020820
SECTRACK 1021111
SECUNIA 31745
SECUNIA 32401
SECUNIA 35074
VUPEN ADV-2009-0633
VUPEN ADV-2009-1297
XF freebsd-icmp6mtudiscupdate-dos(44908)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.