CVE-2009-0687 - Vulnerability Details - OpenCVE

The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.12333.

Key SSVC decision points have not yet been added.

Vendors	Products
Midnightbsd	Midnightbsd
Mirbsd	Miros
Netbsd	Netbsd
Openbsd	Openbsd

Configuration 1 [-]

OR	cpe:2.3:o:midnightbsd:midnightbsd:0.3-current:::::::*
	cpe:2.3:o:mirbsd:miros::::::::
	cpe:2.3:o:netbsd:netbsd:5.0:::::::*
	cpe:2.3:o:openbsd:openbsd:4.2:::::::*
	cpe:2.3:o:openbsd:openbsd:4.3:::::::*
	cpe:2.3:o:openbsd:openbsd:4.4:::::::*
	cpe:2.3:o:openbsd:openbsd:4.5:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc
http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt
http://www.openbsd.org/errata43.html#013_pf
http://www.openbsd.org/errata44.html#013_pf
http://www.openbsd.org/errata45.html#002_pf
http://www.osvdb.org/53608
http://www.securityfocus.com/archive/1/502634
http://www.vupen.com/english/advisories/2009/1015
https://exchange.xforce.ibmcloud.com/vulnerabilities/49837
https://www.exploit-db.com/exploits/8406
https://www.exploit-db.com/exploits/8581

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2009-08-11T10:00:00

Updated: 2024-08-07T04:40:05.296Z

Reserved: 2009-02-22T00:00:00

Link: CVE-2009-0687

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-08-11T10:30:00.217

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0687

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "53608", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/53608"}, {"name": "[4.3] 013: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"name": "NetBSD-SA2009-001", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"name": "8406", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8406"}, {"name": "openbsd-packetfilter-dos(49837)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"tags": ["x_refsource_MISC"], "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"name": "20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502634"}, {"name": "8581", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8581"}, {"name": "[4.4] 013: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"name": "ADV-2009-1015", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"tags": ["x_refsource_MISC"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"name": "[4.5] 002: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://www.openbsd.org/errata45.html#002_pf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2009-0687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "53608", "refsource": "OSVDB", "url": "http://www.osvdb.org/53608"}, {"name": "[4.3] 013: RELIABILITY FIX: April 11, 2009", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"name": "NetBSD-SA2009-001", "refsource": "NETBSD", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"name": "8406", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8406"}, {"name": "openbsd-packetfilter-dos(49837)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"name": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt", "refsource": "MISC", "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"name": "20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/502634"}, {"name": "8581", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8581"}, {"name": "[4.4] 013: RELIABILITY FIX: April 11, 2009", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"name": "ADV-2009-1015", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch", "refsource": "MISC", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"name": "[4.5] 002: RELIABILITY FIX: April 11, 2009", "refsource": "OPENBSD", "url": "http://www.openbsd.org/errata45.html#002_pf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:05.296Z"}, "title": "CVE Program Container", "references": [{"name": "53608", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/53608"}, {"name": "[4.3] 013: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"name": "NetBSD-SA2009-001", "tags": ["vendor-advisory", "x_refsource_NETBSD", "x_transferred"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"name": "8406", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8406"}, {"name": "openbsd-packetfilter-dos(49837)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"name": "20090413 OpenBSD 4.3 up to OpenBSD-current: PF null pointer dereference - remote DoS (kernel panic)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502634"}, {"name": "8581", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8581"}, {"name": "[4.4] 013: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"name": "ADV-2009-1015", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"name": "[4.5] 002: RELIABILITY FIX: April 11, 2009", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://www.openbsd.org/errata45.html#002_pf"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-0687", "datePublished": "2009-08-11T10:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.296Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:midnightbsd:midnightbsd:0.3-current:*:*:*:*:*:*:*", "matchCriteriaId": "0BB266CE-0E06-4094-AE00-0ADBD2364F22", "vulnerable": true}, {"criteria": "cpe:2.3:o:mirbsd:miros:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A4B5B9-C443-4A85-852D-F3B71732BCDA", "versionEndIncluding": "10", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "00564BAA-066A-4627-B6A8-78724E55D363", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DF8DD37-A337-4E9D-A34E-C2D561A24285", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F12313A0-1EAF-4652-9AB1-799171CFFEA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "89CA041B-4153-43C7-BA69-D6052F4EBEEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "B32BB973-60E5-402B-83FE-547786BC7A57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload."}, {"lang": "es", "value": "La funci\u00f3n pf_test_rule de OpenBSD Packet Filter (PF), tal como es usada en OpenBSD v4.2 hasta v4.5, NetBSD v5.0 anterior a RC3, MirOS v10 y anteriores y MidnightBSD v0.3 hasta la versi\u00f3n actual permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de paquetes IP modificados que provocan una \"desreferencia\" de un puntero nulo relacionada con un paquete IPv4 con datos (\"payload\") ICMPv6."}], "id": "CVE-2009-0687", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-11T10:30:00.217", "references": [{"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"source": "cret@cert.org", "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata45.html#002_pf"}, {"source": "cret@cert.org", "url": "http://www.osvdb.org/53608"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/502634"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/8406"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/8581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata43.html#013_pf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata44.html#013_pf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.openbsd.org/errata45.html#002_pf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/53608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/502634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8581"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}