CVE Vulnerability

CVE-2007-1365

Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.openbsd.org/errata39.html#m_dup1 Patch
http://www.openbsd.org/errata40.html#m_dup1
http://securitytracker.com/id?1017735
http://www.coresecurity.com/?action=item&id=1703
http://www.securityfocus.com/bid/22901
http://www.securitytracker.com/id?1017744
http://secunia.com/advisories/24490 Vendor Advisory
http://www.kb.cert.org/vuls/id/986425 US Government Resource
http://www.osvdb.org/33050
http://marc.info/?l=openbsd-cvs&m=117252151023868&w=2
Configurations

Configuration 1

cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
Information

Published : 2007-03-10 09:19

Updated : 2016-10-18 03:43

NVD link : CVE-2007-1365

Mitre link : CVE-2007-1365

Products Affected
No products.
CWE
NVD-CWE-Other