Credit: Tavis Ormandy
Most BSD-derived network stacks contain a vulnerability in the code that processes IPComp encapsulation, commonly used alongside IPsec. Because the stack de-encapsulates a nested IPComp payload recursively, an attacker can craft a packet that drives the kernel into a kernel stack overflow (stack exhaustion through unbounded recursion, not a buffer overflow). Tavis speculates that turning this into a remote code execution exploit is not out of the question.
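As an added illustration (not code from the original page or from any BSD kernel), the following C model shows the shape of the flaw and the check a decapsulator needs: a chain of nested IPComp headers is walked recursively, and the hardened variant carries an explicit depth bound. The protocol number 108 and the 4-byte header layout come from RFC 3173; the nesting limit, function names and constructed packets are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
/* Added example, not code from any BSD stack: a minimal model of walking a
 * chain of IPComp headers (IP protocol 108, RFC 3173). Decompression is
 * omitted; only the header chain matters for the stack-exhaustion point. */

#define IPPROTO_IPCOMP_NUM 108  /* IPComp protocol number */
#define IPCOMP_HDR_LEN     4    /* next header, flags, 16-bit CPI */
#define MAX_IPCOMP_NESTING 4    /* assumed bound; a real stack picks its own */
enum { DECAP_ERR_TRUNC = -1, DECAP_ERR_NESTING = -2 };

/* Models the flaw: every nested header re-enters the decapsulator unbounded. */
int decap_unbounded(const uint8_t *buf, size_t len)
{
    if (len < IPCOMP_HDR_LEN) return DECAP_ERR_TRUNC;
    if (buf[0] == IPPROTO_IPCOMP_NUM)
        return decap_unbounded(buf + IPCOMP_HDR_LEN, len - IPCOMP_HDR_LEN);
    return buf[0];  /* inner protocol, e.g. 6 for TCP */
}

/* Hardened: carries an explicit depth and refuses to recurse past the bound. */
int decap_bounded(const uint8_t *buf, size_t len, int depth)
{
    if (depth > MAX_IPCOMP_NESTING) return DECAP_ERR_NESTING;
    if (len < IPCOMP_HDR_LEN) return DECAP_ERR_TRUNC;
    if (buf[0] == IPPROTO_IPCOMP_NUM)
        return decap_bounded(buf + IPCOMP_HDR_LEN, len - IPCOMP_HDR_LEN, depth + 1);
    return buf[0];
}

/* Constructed test packet: `levels` IPComp headers, innermost announcing `inner`. */
size_t build_nested(uint8_t *out, size_t cap, int levels, uint8_t inner)
{
    size_t n = (size_t)levels * IPCOMP_HDR_LEN;
    if (levels < 1 || n > cap) return 0;
    for (int i = 0; i < levels; i++) {
        uint8_t *h = out + (size_t)i * IPCOMP_HDR_LEN;
        h[0] = (i + 1 < levels) ? IPPROTO_IPCOMP_NUM : inner;
        h[1] = 0; h[2] = 0; h[3] = 2;  /* flags 0, CPI 2 (DEFLATE) */
    }
    return n;
}

/* Builds a packet with `levels` headers and runs the bounded decapsulator. */
int decap_nested_bounded(int levels, uint8_t inner)
{
    uint8_t pkt[64];
    size_t n = build_nested(pkt, sizeof pkt, levels, inner);
    return n ? decap_bounded(pkt, n, 1) : DECAP_ERR_TRUNC;
}
```

The bounded version turns attacker-controlled nesting into a fixed, small stack budget and a rejected packet rather than a kernel crash.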