CVE-2007-6282

IPSec ESP kernel panics

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

La implementación IPsec en el Kernel de Linux, versiones anteriores a la 2.6.25, permite a routers remotos provocar una denegación de servicio (caída) a través de un paquete ESP fragmentado en el que el primer fragmento no contiene la cabecera ESP y el IV (Vector de Inicialización) completos.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-12-10 CVE Reserved
2008-05-08 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-16: Configuration

CAPEC

References (22)

URL	Tag	Source
http://secunia.com/advisories/30112	Third Party Advisory
http://secunia.com/advisories/30294	Third Party Advisory
http://secunia.com/advisories/30818	Third Party Advisory
http://secunia.com/advisories/30890	Third Party Advisory
http://secunia.com/advisories/30962	Third Party Advisory
http://secunia.com/advisories/31107	Third Party Advisory
http://secunia.com/advisories/31551	Third Party Advisory
http://secunia.com/advisories/31628	Third Party Advisory
http://www.securityfocus.com/bid/29081	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42276	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10549	Signature

URL	Date	SRC
http://marc.info/?l=linux-netdev&m=120372380411259&w=2	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html	2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html	2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html	2017-09-29
http://www.debian.org/security/2008/dsa-1630	2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0237.html	2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0275.html	2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0585.html	2017-09-29
http://www.ubuntu.com/usn/usn-625-1	2017-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=404291	2008-08-26
https://access.redhat.com/security/cve/CVE-2007-6282	2008-08-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				as_4 Search vendor "Redhat" for product "Enterprise Linux" and version "as_4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				es_4 Search vendor "Redhat" for product "Enterprise Linux" and version "es_4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				ws_4 Search vendor "Redhat" for product "Enterprise Linux" and version "ws_4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				4 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "4"		-		Affected