FreeBSD : FreeBSD -- SCTP ICMPv6 error message vulnerability (78f06a6c-600a-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A lack of proper input checks in the ICMPv6 processing in the SCTP
stack can lead to either a failed kernel assertion or to a NULL
pointer dereference. In either case, a kernel panic will follow.

Impact : A remote, unauthenticated attacker can reliably trigger a
kernel panic in a vulnerable system running IPv6. Any kernel compiled
with both IPv6 and SCTP support is vulnerable. There is no requirement
to have an SCTP socket open.

IPv4 ICMP processing is not impacted by this vulnerability.

See also :

http://www.nessus.org/u?c988282d

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92915

Bugtraq ID:

CVE ID: CVE-2016-1879
