cbcvebase.
CVE-2008-0177
published 2008-02-07

CVE-2008-0177: The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown…

PriorityP343high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
15.54%
96.4th percentile
The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://security.FreeBSD.org/patches/SA-08:04/ipsec.patch
pathsys/netinet6/ipcomp_input.c
pathbsd/netinet6/ipcomp_input.c
bytes
\x60\x00\x00\x00\x00\x00\x6c\x66 (IPv6 packet with plen=0 and next header=0x6c/IPComp)
  • Detect crafted IPv6 packets with next-header field set to 0x6c (IPComp, decimal 108) and a payload length of 0, which is the exact packet shape used by the PoC to trigger the NULL pointer dereference panic.
  • A single specifically crafted IPv6 packet with an IPComp header is sufficient to panic a vulnerable kernel; monitor for unexpected kernel panics on systems with IPSEC compiled in and IPv6 enabled.
  • The vulnerability is only reachable when IPSEC is compiled into the kernel; triage affected hosts by checking kernel configuration for IPSEC support before prioritising response.
  • ·FreeBSD GENERIC and SMP kernel configurations shipped with releases do NOT include IPsec support and are therefore not vulnerable; only custom kernels with IPSEC compiled in are at risk.
  • ·Multiple BSD-derived operating systems are affected beyond FreeBSD 5.5, including NetBSD 3.1 and FreeBSD 4.9.0; scope detection and patching accordingly.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.