Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - OpenBSD: denial of service via PIPEX

December 2014 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can send a malicious PIPEX packet to OpenBSD, in order to trigger a denial of service.

Impacted products: OpenBSD

Severity: 2/4

Creation date: 05/12/2014

DESCRIPTION OF THE VULNERABILITY

The OpenBSD product implements the PIPEX (PPP IP EXtension) extension, which is enabled with net.pipex.enable.

However, when a malicious packet is received, a fatal error occurs in pipex_common_input(), pipex_pptp_lookup_session() or pipex_mppe_input().

An attacker can therefore send a malicious PIPEX packet to OpenBSD, in order to trigger a denial of service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/O...




See previous articles

    

See next articles