CVE-2008-1335
Last modified
CVE-2008-1335 is a vulnerability of currently unknown severity. The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.. EPSS estimates a 1.94% chance of exploitation in the next 30 days.
Description
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netbsd | Netbsd | 2.0 |
| Netbsd | Netbsd | 2.0.1 |
| Netbsd | Netbsd | 2.0.2 |
| Netbsd | Netbsd | 2.0.3 |
| Netbsd | Netbsd | 2.0.4 |
| Netbsd | Netbsd | 2.1 |
| Netbsd | Netbsd | 2.1.1 |
| Netbsd | Netbsd | 3.0 |
| Netbsd | Netbsd | 3.0.1 |
| Netbsd | Netbsd | 3.0.2 |
| Netbsd | Netbsd | 3.1 |
| Netbsd | Netbsd Current | <= 20071027 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-1335?
How severe is CVE-2008-1335?
How do I fix CVE-2008-1335?
Are you affected by CVE-2008-1335?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST