sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc
lists.apple.com/archives/security-announce/2009/May/msg00002.html
secunia.com/advisories/31745
secunia.com/advisories/32401
secunia.com/advisories/35074
security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc
support.apple.com/kb/HT3467
support.apple.com/kb/HT3549
www.securityfocus.com/bid/31004
www.securitytracker.com/id?1020820
www.securitytracker.com/id?1021111
www.us-cert.gov/cas/techalerts/TA09-133A.html
www.vupen.com/english/advisories/2009/0633
www.vupen.com/english/advisories/2009/1297
exchange.xforce.ibmcloud.com/vulnerabilities/44908