CVE-2008-0177

KAME ipcomp - Denial of Service via IPv6 IPComp Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0177. PoCs published by mu-b.

AI-analyzed exploit summary This exploit targets a DoS vulnerability in Apple MACOS X xnu <= 1228.3.13 due to improper validation in ipv6-ipcomp processing. It sends malformed IPv6 packets with IPComp headers to trigger a kernel crash.

Description

The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · cdosmultiple

https://www.exploit-db.com/exploits/5191

View Code ZIP pw:eip

This exploit targets a DoS vulnerability in Apple MACOS X xnu <= 1228.3.13 due to improper validation in ipv6-ipcomp processing. It sends malformed IPv6 packets with IPComp headers to trigger a kernel crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apple MACOS X xnu <= 1228.3.13

No auth needed

Prerequisites: Network access to target · IPv6 connectivity

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28816

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0688

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0441

Vendor Advisory x_refsource_confirm

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27642

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28788

Various Sources vendor-advisory x_refsource_freebsd

http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29130

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28979

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30430

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Various Sources x_refsource_confirm

http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2094/references

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1697

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019314

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/110947

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31074

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5191

Scores

EPSS 0.1554

EPSS Percentile 96.4%

Details

Status published

Products (1)

kame/ipcomp

Published Feb 07, 2008

Tracked Since Feb 18, 2026