CVE-2009-0687 - OpenCVE

The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Openbsd
Mirbsd	Miros
Netbsd	Netbsd
Midnightbsd	Midnightbsd

Configuration 1 [-]

OR	cpe:2.3:o:midnightbsd:midnightbsd:0.3-current:::::::*
	cpe:2.3:o:mirbsd:miros::::::::
	cpe:2.3:o:netbsd:netbsd:5.0:::::::*
	cpe:2.3:o:openbsd:openbsd:4.2:::::::*
	cpe:2.3:o:openbsd:openbsd:4.3:::::::*
	cpe:2.3:o:openbsd:openbsd:4.4:::::::*
	cpe:2.3:o:openbsd:openbsd:4.5:::::::*

References

Link	Resource
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch	Patch Vendor Advisory
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc	Vendor Advisory
http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt
http://www.openbsd.org/errata43.html#013_pf	Patch Vendor Advisory
http://www.openbsd.org/errata44.html#013_pf	Patch Vendor Advisory
http://www.openbsd.org/errata45.html#002_pf	Patch Vendor Advisory
http://www.osvdb.org/53608
http://www.securityfocus.com/archive/1/502634
http://www.vupen.com/english/advisories/2009/1015	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49837
https://www.exploit-db.com/exploits/8406
https://www.exploit-db.com/exploits/8581

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2009-08-11T10:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2009-02-22T00:00:00

Link: CVE-2009-0687

JSON object: View

NVD Information

Status : Modified

Published: 2009-08-11T10:30:00.217

Modified: 2017-09-29T01:33:57.933

Link: CVE-2009-0687

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "53608", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/53608"}, {"name": "[4.3] 013: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"name": "NetBSD-SA2009-001", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"name": "8406", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8406"}, {"name": "openbsd-packetfilter-dos(49837)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"tags": ["x_refsource_MISC"], "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"name": "20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502634"}, {"name": "8581", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8581"}, {"name": "[4.4] 013: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"name": "ADV-2009-1015", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"tags": ["x_refsource_MISC"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"name": "[4.5] 002: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata45.html#002_pf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2009-0687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "53608", "refsource": "OSVDB", "url": "http://www.osvdb.org/53608"}, {"name": "[4.3] 013: RELIABILITY FIX: April 11, 2009", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"name": "NetBSD-SA2009-001", "refsource": "NETBSD", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"name": "8406", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8406"}, {"name": "openbsd-packetfilter-dos(49837)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"name": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt", "refsource": "MISC", "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"name": "20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502634"}, {"name": "8581", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8581"}, {"name": "[4.4] 013: RELIABILITY FIX: April 11, 2009", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"name": "ADV-2009-1015", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch", "refsource": "MISC", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"name": "[4.5] 002: RELIABILITY FIX: April 11, 2009", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata45.html#002_pf"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-0687", "datePublished": "2009-08-11T10:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:midnightbsd:midnightbsd:0.3-current:*:*:*:*:*:*:*", "matchCriteriaId": "0BB266CE-0E06-4094-AE00-0ADBD2364F22", "vulnerable": true}, {"criteria": "cpe:2.3:o:mirbsd:miros:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A4B5B9-C443-4A85-852D-F3B71732BCDA", "versionEndIncluding": "10", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00564BAA-066A-4627-B6A8-78724E55D363", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF8DD37-A337-4E9D-A34E-C2D561A24285", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F12313A0-1EAF-4652-9AB1-799171CFFEA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "89CA041B-4153-43C7-BA69-D6052F4EBEEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "B32BB973-60E5-402B-83FE-547786BC7A57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload."}, {"lang": "es", "value": "La funci\u00f3n pf_test_rule de OpenBSD Packet Filter (PF), tal como es usada en OpenBSD v4.2 hasta v4.5, NetBSD v5.0 anterior a RC3, MirOS v10 y anteriores y MidnightBSD v0.3 hasta la versi\u00f3n actual permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de paquetes IP modificados que provocan una \"desreferencia\" de un puntero nulo relacionada con un paquete IPv4 con datos (\"payload\") ICMPv6."}], "id": "CVE-2009-0687", "lastModified": "2017-09-29T01:33:57.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-11T10:30:00.217", "references": [{"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"source": "cret@cert.org", "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata45.html#002_pf"}, {"source": "cret@cert.org", "url": "http://www.osvdb.org/53608"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/502634"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/8406"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/8581"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}