0day.today - La plus grande base de données de Exploit dans le monde.
![](/img/logo_green.jpg)
Nous utilisons un domaine DOMAIN_LINK
Si vous voulez acheter un exploit ou payer un service vous avez besoins d'Or. Nous ne voulons pas que notre site soit utiliser comme outil de piratage , de sorte que touts types d'actions qui pourrais affecter illegalement d'autres utilisateurs ou sites web ou vous n'avez pas l'autorisation vous serez bannit et votre compte ainsi que vos donnees seront supprimees.
Les administrateur de 0day.today utilises des moyens de contacts officiels. Mefiez-vous des imposteurs!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Lire le [ J'accepte ]
- Lire le [ Envoyer ] Regles
- Visiter le [ faq ] page
- [ Enregistrement ] profil
- Obtenir [ GOLD ]
- Si vous voulez [ vendre ]
- Si vous voulez [ acheter ]
- Si vous vous perdez [ Compte ]
- Une questions [ [email protected] ]
- Connexion
- Page d'enregistrement
- Restauration de compte
- Foire aux questions
- Contactez-nous
- Regle de publication
- Page de contrat
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Vous pouvez nous contacter par:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Kaspersky Internet Security 2013 - Denial Of Service Vulnerability
Auteur
Risque
![](/img/risk/critlow_2.gif)
Security Risk Medium
]0day-ID
Catégorie
Date d'ajout
Plateforme
I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 (and any other Kaspersky product which includes the firewall funcionality) is susceptible to a remote system freeze. As of the 3rd March 2013, the bug is still unfixed. If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task. To test: 1. download the thc-ipv6 IPv6 protocol attack suite for Linux from www.thc.org/thc-ipv6 2. compile the tools with "make" 3. run the following tool on the target: firewall6 <interface> <target> <port> 19 where interface is the network interface (e.g. eth0) target is the IPv6 address of the victim (e.g. ff02::1) port is any tcp port, doesnt matter which (e.g. 80) and 19 is the test case number. The test case numbers 18, 19, 20 and 21 lead to a remote system freeze. Solution: Remove the Kaspersky Anti-Virus NDIS 6 Filter from all network interfaces or uninstall the Kaspersky software until a fix is provided. The bug was reported to Kaspersky first on the 21st January 2013, then reminded on the 14th Feburary 2013. No feedback was given by Kaspersky, and the reminder contained a warning that without feedback the bug would be disclosed on this day. So here we are. Greets, Marc Heuse # 0day.today [2024-07-01] #