CIPE Denial of Service Vulnerability

info
discussion
exploit
solution
references

CIPE Denial of Service Vulnerability

CIPE is an open source VPN implementation for Linux and Windows systems.

CIPE contains a failure to handle exceptional conditions that can result in a denial of service. If a CIPE packet is received that is shorter than it should be, the system will crash attempting to process it.

CIPE runs at the kernel level and exploitation may result in a system-wide crash. Additionally, an unexpected kernel crash may result in loss of data.