CVE-2008-3530: Input Validation
First published: Fri Sep 05 2008(Updated: )
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =6.3 | |
| FreeBSD Kernel | =7.0 | |
| FreeBSD Kernel | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc
- http://www.securityfocus.com/bid/31004
- http://secunia.com/advisories/31745
- http://www.securitytracker.com/id?1020820
- http://secunia.com/advisories/32401
- http://www.securitytracker.com/id?1021111
- http://support.apple.com/kb/HT3467
- http://www.vupen.com/english/advisories/2009/0633
- http://support.apple.com/kb/HT3549
- http://www.vupen.com/english/advisories/2009/1297
- http://secunia.com/advisories/35074
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44908
Frequently Asked Questions
What is the severity of CVE-2008-3530?
CVE-2008-3530 is classified as a high severity vulnerability due to its ability to cause a denial of service.
How do I fix CVE-2008-3530?
To fix CVE-2008-3530, upgrade to FreeBSD versions 7.2 or later, which include patches for this vulnerability.
What systems are affected by CVE-2008-3530?
CVE-2008-3530 affects FreeBSD versions 6.3 through 7.1 and potentially other operating systems.
Can CVE-2008-3530 be exploited remotely?
Yes, CVE-2008-3530 can be exploited remotely by attackers sending a crafted ICMPv6 Packet Too Big message.
What impact does CVE-2008-3530 have on systems?
CVE-2008-3530 can lead to system panic, resulting in denial of service and potential downtime.
- agent/type
- agent/references
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/6.3
- version/freebsd kernel/7.0
- version/freebsd kernel/7.1