Title: OpenBSD 'getsockopt(2)' NULL Pointer Dereference Remote Denial of Service Vulnerability
Severity: MODERATE
Description:
OpenBSD is prone to a remote denial-of-service vulnerability because of a NULL-pointer dereference error. This issue occurs in the 'ip_ctloutput()' function of the 'sys/netinet/ip_output.c' source file and the 'ip6_ctloutput()' function of the '/sys/netinet6/ip6_output.c' source file.
This issue can be triggered using the 'getsockopt(2)' function with any of the following options:
IP_AUTH_LEVEL
IP_ESP_TRANS_LEVEL
IP_ESP_NETWORK_LEVEL
IP_IPCOMP_LEVEL
Attackers can exploit this issue to crash the kernel.
This issue affects OpenBSD 4.6 and earlier.
Affected Products:
- OpenBSD OpenBSD 2.1.0
- OpenBSD OpenBSD 2.2.0
- OpenBSD OpenBSD 2.3.0
- OpenBSD OpenBSD 2.4.0
- OpenBSD OpenBSD 2.5.0
- OpenBSD OpenBSD 2.6.0
- OpenBSD OpenBSD 2.7.0
- OpenBSD OpenBSD 2.8.0
- OpenBSD OpenBSD 2.9.0
- OpenBSD OpenBSD 3.0
- OpenBSD OpenBSD 3.1
- OpenBSD OpenBSD 3.2
- OpenBSD OpenBSD 3.3
- OpenBSD OpenBSD 3.4
- OpenBSD OpenBSD 3.5
- OpenBSD OpenBSD 3.6
- OpenBSD OpenBSD 3.7
- OpenBSD OpenBSD 3.8
- OpenBSD OpenBSD 3.9
- OpenBSD OpenBSD 4.0
- OpenBSD OpenBSD 4.1
- OpenBSD OpenBSD 4.2
- OpenBSD OpenBSD 4.3
- OpenBSD OpenBSD 4.4
- OpenBSD OpenBSD 4.5
- OpenBSD OpenBSD 4.6
References:
- OpenBSD: OpenBSD Errata Page
- OpenBSD: OpenBSD Homepage
- Theo de Raadt: CVS: cvs.openbsd.org: src sys/netinet6 : ip6_output.c
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
