Vulnerabilities > CVE-2004-0257 - Remote Denial Of Service vulnerability in BSD ICMPV6 Handling Routines
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
OS | 5 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016704.html
- http://marc.info/?l=bugtraq&m=107604603226564&w=2
- http://www.guninski.com/obsdmtu.html
- http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c
- http://www.osvdb.org/3825
- http://www.securityfocus.com/bid/9577
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15044