Details of VAR-200809-0196

ID

VAR-200809-0196

CVE

CVE-2008-3584

TITLE

NetBSD Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-002305

DESCRIPTION

NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. NetBSD is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, remote code execution may be possible, but this has not been confirmed. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: NetBSD PPPoE Packet Processing Tag Length Vulnerability SECUNIA ADVISORY ID: SA31597 VERIFY ADVISORY: http://secunia.com/advisories/31597/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: >From local network OPERATING SYSTEM: NetBSD 3.1 http://secunia.com/product/16089/ DESCRIPTION: A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due incorrect length check when processing tags within a PPPoE packet. This can be exploited to e.g. crash the kernel by sending a specially crafted PPPoE packet to a vulnerable system. Successful exploitation requires that a PPPoE interface has been created (e.g. via ""ifconfig pppoe0 create") and the attacker can send PPPoE packets to the affected system. The vulnerability is reported in NetBSD version 3.0, 3.1, and 4.0. SOLUTION: Fixed in the CVS repository. See vendor advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Yasuoka Masahiko, Internet Initiative Japan Inc ORIGINAL ADVISORY: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-010.txt.asc ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2008-3584 // JVNDB: JVNDB-2008-002305 // BID: 30838 // PACKETSTORM: 69405

AFFECTED PRODUCTS

vendor:	netbsd	model:	netbsd	scope:	eq	version:	4.0	Trust: 2.7
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.1	Trust: 2.7
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.0	Trust: 2.4
vendor:	apple	model:	airmac express	scope:	eq	version:	base station	Trust: 0.8
vendor:	apple	model:	airmac extreme	scope:	eq	version:	base station	Trust: 0.8
vendor:	apple	model:	time capsule	scope:	-	version:	-	Trust: 0.8
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	netbsd	model:	netbsd	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netbsd	model:	current	scope:	-	version:	-	Trust: 0.3
vendor:	navision	model:	financials server	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 30838 // JVNDB: JVNDB-2008-002305 // CNNVD: CNNVD-200809-115 // NVD: CVE-2008-3584

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3584
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-3584
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200809-115
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2008-3584
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2008-002305 // CNNVD: CNNVD-200809-115 // NVD: CVE-2008-3584

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2008-002305 // NVD: CVE-2008-3584

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-115

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200809-115

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002305

PATCH

title:	HT3467	url:	http://support.apple.com/kb/HT3467	Trust: 0.8
title:	HT3467	url:	http://support.apple.com/kb/HT3467?viewlocale=ja_JP	Trust: 0.8
title:	NetBSD-SA2008-010	url:	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-010.txt.asc	Trust: 0.8

sources: JVNDB: JVNDB-2008-002305

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3584	Trust: 2.7
db:	SECUNIA	id:	31597	Trust: 2.5
db:	VUPEN	id:	ADV-2009-0633	Trust: 2.4
db:	BID	id:	30838	Trust: 1.9
db:	SECTRACK	id:	1020749	Trust: 1.6
db:	XF	id:	44679	Trust: 1.4
db:	JVNDB	id:	JVNDB-2008-002305	Trust: 0.8
db:	NETBSD	id:	NETBSD-SA2008-010	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-115	Trust: 0.6
db:	PACKETSTORM	id:	69405	Trust: 0.1

sources: BID: 30838 // JVNDB: JVNDB-2008-002305 // PACKETSTORM: 69405 // CNNVD: CNNVD-200809-115 // NVD: CVE-2008-3584

REFERENCES

url:	http://secunia.com/advisories/31597	Trust: 2.4
url:	http://www.vupen.com/english/advisories/2009/0633	Trust: 2.4
url:	http://www.securitytracker.com/id?1020749	Trust: 1.6
url:	http://www.securityfocus.com/bid/30838	Trust: 1.6
url:	http://support.apple.com/kb/ht3467	Trust: 1.6
url:	ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-010.txt.asc	Trust: 1.6
url:	http://xforce.iss.net/xforce/xfdb/44679	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44679	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3584	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3584	Trust: 0.8
url:	http://www.netbsd.org/	Trust: 0.3
url:	http://secunia.com/advisories/31597/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/product/16089/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 30838 // JVNDB: JVNDB-2008-002305 // PACKETSTORM: 69405 // CNNVD: CNNVD-200809-115 // NVD: CVE-2008-3584

CREDITS

Yasuoka Masahiko

Trust: 0.6

sources: CNNVD: CNNVD-200809-115

SOURCES

db:	BID	id:	30838
db:	JVNDB	id:	JVNDB-2008-002305
db:	PACKETSTORM	id:	69405
db:	CNNVD	id:	CNNVD-200809-115
db:	NVD	id:	CVE-2008-3584

LAST UPDATE DATE

2025-04-10T21:43:16.850000+00:00

SOURCES UPDATE DATE

db:	BID	id:	30838	date:	2015-05-07T17:24:00
db:	JVNDB	id:	JVNDB-2008-002305	date:	2009-04-06T00:00:00
db:	CNNVD	id:	CNNVD-200809-115	date:	2009-03-25T00:00:00
db:	NVD	id:	CVE-2008-3584	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	BID	id:	30838	date:	2008-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2008-002305	date:	2009-04-06T00:00:00
db:	PACKETSTORM	id:	69405	date:	2008-08-27T01:35:56
db:	CNNVD	id:	CNNVD-200809-115	date:	2008-08-26T00:00:00
db:	NVD	id:	CVE-2008-3584	date:	2008-09-11T21:06:44.697