CVE-2007-1365

OpenBSD 3.9-4.0 - Remote Code Execution via IPv6 Fragmented Packet Handling


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1365. PoCs published by Alfredo Ortega.

AI-analyzed exploit summary: This exploit targets a remote buffer overflow in OpenBSD's ICMPv6 fragmentation handling (CVE-2007-1365). It crafts malformed IPv6 packets with oversized payloads to trigger a kernel-level buffer overflow, potentially leading to remote code execution with kernel privileges.

Description

Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alfredo Ortega · python · remote · openbsd
https://www.exploit-db.com/exploits/29725


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Racy
Target: OpenBSD (versions affected by CVE-2007-1365)
No auth needed
Prerequisites: Network access to target · Target must be running a vulnerable OpenBSD version · Target must have IPv6 enabled
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/986425
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017735
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=openbsd-cvs&m=117252151023868&w=2
Various Sources x_refsource_misc
http://www.coresecurity.com/?action=item&id=1703
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/33050
Various Sources vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata40.html#m_dup1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017744
Patch vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata39.html#m_dup1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22901
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24490

Scores

EPSS 0.1779
EPSS Percentile 96.8%

Details

Status published
Products (2)
openbsd/openbsd 3.9
openbsd/openbsd 4.0
Published Mar 10, 2007
Tracked Since Feb 18, 2026