
CERT Coordination Center

IPComp encapsulation nested payload vulnerability

Vulnerability Note VU#668220

Original Release Date: 2011-04-01 | Last Revised: 2011-08-16

Overview

Some IPComp implementations may contain a kernel memory corruption vulnerability in their handling of nested encapsulation of IPComp payloads.

Description

RFC 3173 defines the IP Payload Compression Protocol (IPComp) as:

IP payload compression is a protocol to reduce the size of IP datagrams. This protocol will increase the overall communication performance between a pair of communicating hosts/gateways ("nodes") by compressing the datagrams, provided the nodes have sufficient computation power, through either CPU capacity or a compression coprocessor, and the communication is over slow or congested links.

IPComp is commonly used in conjunction with IPsec implementations.

Some network stack implementations, particularly those incorporating the KAME project or NetBSD project IPComp and IPsec implementations, process nested IPComp-encapsulated payloads recursively (each decompressed payload that is itself an IPComp datagram re-enters the input path) without bounding the nesting depth. Because the number of nested IPComp headers is chosen by the sender, a crafted datagram can drive the recursion deep enough to overflow the kernel stack. Exploitation of this vulnerability could allow a remote attacker to cause kernel memory corruption.
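The following is an added example written for this note; it is not code from CERT, KAME or NetBSD. It is a user-space model of the recursive input path described above: an IPComp header is the 4-byte RFC 3173 layout (next header, flags, CPI), and a payload whose next-header field is 108 is fed back into the same routine. The real kernel recursion runs through the IP input routine and the protocol switch; the model collapses that into a direct recursive call. The function names, the `IPCOMP_MAX_NESTING` limit of 4, and the constructed attacker datagram are assumptions made for illustration. The unbounded variant reaches whatever depth the sender packs into a datagram; the bounded variant drops the packet once the nesting limit is hit.

```c
/*
 * Added example (not CERT's or the KAME/NetBSD code): a user-space model of
 * recursive IPComp (RFC 3173) input processing. A datagram whose IPComp
 * payload is itself an IPComp datagram re-enters the input routine; with no
 * nesting bound the recursion depth is chosen by the sender.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPPROTO_IPCOMP      108   /* protocol number assigned to IPComp */
#define IPCOMP_HDR_LEN      4     /* next header (1), flags (1), CPI (2) */
#define IPCOMP_MAX_NESTING  4     /* assumed policy limit for the hardened model */
#define MAX_DGRAM           65535 /* maximum IPv4 datagram length */

enum ipcomp_result { IPCOMP_OK = 0, IPCOMP_TRUNCATED = -1, IPCOMP_TOO_DEEP = -2 };

/* Vulnerable model: recurse on every nested IPComp header with no bound.
 * *depth counts the stack frames consumed, one per IPComp layer. */
static enum ipcomp_result
ipcomp_input_unbounded(const uint8_t *pkt, size_t len, int *depth)
{
    if (len < IPCOMP_HDR_LEN)
        return IPCOMP_TRUNCATED;
    (*depth)++;
    /* Decompression of pkt[IPCOMP_HDR_LEN..] would happen here; omitted. */
    if (pkt[0] == IPPROTO_IPCOMP)
        return ipcomp_input_unbounded(pkt + IPCOMP_HDR_LEN,
                                      len - IPCOMP_HDR_LEN, depth);
    return IPCOMP_OK;
}

/* Hardened model: the same routine with an explicit nesting counter that is
 * checked before each layer is processed, so the frame count is bounded. */
static enum ipcomp_result
ipcomp_input_bounded(const uint8_t *pkt, size_t len, int nesting, int *depth)
{
    if (len < IPCOMP_HDR_LEN)
        return IPCOMP_TRUNCATED;
    if (nesting >= IPCOMP_MAX_NESTING)
        return IPCOMP_TOO_DEEP;        /* drop: sender exceeded the nesting limit */
    (*depth)++;
    if (pkt[0] == IPPROTO_IPCOMP)
        return ipcomp_input_bounded(pkt + IPCOMP_HDR_LEN,
                                    len - IPCOMP_HDR_LEN, nesting + 1, depth);
    return IPCOMP_OK;
}

/* Constructed attacker datagram: `layers` IPComp headers chained through
 * next-header 108, the innermost pointing at `inner_proto`, followed by four
 * dummy payload bytes. Returns the byte length, or 0 if it does not fit. */
static size_t
build_nested_ipcomp(uint8_t *buf, size_t cap, int layers, uint8_t inner_proto)
{
    size_t need = (size_t)layers * IPCOMP_HDR_LEN + IPCOMP_HDR_LEN;
    if (layers < 1 || need > cap)
        return 0;
    for (int i = 0; i < layers; i++) {
        uint8_t *h = buf + (size_t)i * IPCOMP_HDR_LEN;
        h[0] = (i + 1 < layers) ? IPPROTO_IPCOMP : inner_proto;
        h[1] = 0;            /* flags: reserved, must be zero */
        h[2] = 0; h[3] = 2;  /* CPI 2 = DEFLATE (well-known value) */
    }
    uint8_t *payload = buf + (size_t)layers * IPCOMP_HDR_LEN;
    payload[0] = payload[1] = payload[2] = payload[3] = 0xAA; /* stand-in data */
    return need;
}

/* Run one model on a datagram with `layers` nested IPComp headers and report
 * the recursion depth it reached through *depth. */
static enum ipcomp_result
model_run(int layers, int bounded, int *depth)
{
    static uint8_t dgram[MAX_DGRAM];
    size_t len = build_nested_ipcomp(dgram, sizeof dgram, layers, 6 /* TCP */);
    *depth = 0;
    if (len == 0)
        return IPCOMP_TRUNCATED;
    return bounded ? ipcomp_input_bounded(dgram, len, 0, depth)
                   : ipcomp_input_unbounded(dgram, len, depth);
}

int main(void)
{
    int depth;
    /* Deepest chain that fits one IPv4 datagram: (65535 - 4) / 4 = 16382 layers. */
    enum ipcomp_result r = model_run(16382, 0, &depth);
    printf("unbounded: result %d, recursion depth %d\n", r, depth);
    r = model_run(16382, 1, &depth);
    printf("bounded:   result %d, recursion depth %d\n", r, depth);
    return 0;
}
```

In user space the 16382-frame recursion completes because the process stack is megabytes in size; a kernel thread stack is typically a few pages, which is why the same input corrupts kernel memory in the vulnerable implementations. The fix is the check in the bounded variant: count the nesting as state carried through the input path and refuse to recurse past a fixed limit.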

Impact

A remote attacker can cause a kernel stack overflow leading to a denial of service or possibly execute arbitrary code.

Solution

Apply a Patch from Your Vendor
Please see the Vendor Information below for specific vendor information and patches.


Workarounds

    • Filter IPComp (IP protocol number 108) at network borders if it is not required. Note that IPComp negotiated as part of an IPsec association is applied before ESP encryption, so it travels inside ESP (protocol 50) and is not visible to a border filter; only unencrypted IPComp traffic can be blocked this way.
    • Use host-based packet filtering on workstations or servers to drop IPComp traffic before it reaches the vulnerable input code.
    • Recompile affected software to disallow nested encapsulation of IPComp payloads, if possible.

Vendor Information

Note that any systems derived from the KAME or NetBSD IPComp implementations may be vulnerable.



CVSS Metrics


References

Acknowledgements

Thanks to Tavis Ormandy of Google for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-1547
Severity Metric: 54.77
Date Public: 2011-04-01
Date First Published: 2011-04-01
Date Last Updated: 2011-08-16 15:10 UTC
Document Revision: 38

Sponsored by CISA.