CVE-2008-2476 Information
Description
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1 (2) OpenBSD 4.2 and 4.3 (3) NetBSD (4) Force10 FTOS before E7.7.1.1 (5) Juniper JUNOS and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Reference
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc http://secunia.com/advisories/32112 http://secunia.com/advisories/32116 http://secunia.com/advisories/32117 http://secunia.com/advisories/32133 http://secunia.com/advisories/32406 http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc http://securitytracker.com/id?1020968 http://support.apple.com/kb/HT3467 http://www.kb.cert.org/vuls/id/472363 http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 http://www.kb.cert.org/vuls/id/MAPG-7H2S68 http://www.openbsd.org/errata42.html015_ndp http://www.openbsd.org/errata43.html006_ndp http://www.securityfocus.com/bid/31529 http://www.securitytracker.com/id?1021109 http://www.securitytracker.com/id?1021132 http://www.vupen.com/english/advisories/2008/2750 http://www.vupen.com/english/advisories/2008/2751 http://www.vupen.com/english/advisories/2008/2752 http://www.vupen.com/english/advisories/2009/0633 https://exchange.xforce.ibmcloud.com/vulnerabilities/45601 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5670 https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Share on: