Vulnerability CVE-2008-2476


Published: 2008-10-03   Modified: 2012-02-12

Description:
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

Type:

CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Overall CVSS score: 9.3/10
Impact: 10/10
Exploitability: 8.6/10

Access required: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Windriver -> Vxworks 
Openbsd -> Openbsd 
Netbsd -> Netbsd 
Juniper -> JNOS 
Freebsd -> Freebsd 
Force10 -> FTOS 

References:
http://www.kb.cert.org/vuls/id/MAPG-7H2S68
http://www.kb.cert.org/vuls/id/MAPG-7H2RY7
http://www.kb.cert.org/vuls/id/472363
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
http://xforce.iss.net/xforce/xfdb/45601
http://www.vupen.com/english/advisories/2009/0633
http://www.vupen.com/english/advisories/2008/2752
http://www.vupen.com/english/advisories/2008/2751
http://www.vupen.com/english/advisories/2008/2750
http://www.securitytracker.com/id?1021132
http://www.securitytracker.com/id?1021109
http://www.securityfocus.com/bid/31529
http://www.openbsd.org/errata43.html#006_ndp
http://www.openbsd.org/errata42.html#015_ndp
http://support.apple.com/kb/HT3467
http://securitytracker.com/id?1020968
http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
http://secunia.com/advisories/32406
http://secunia.com/advisories/32117
http://secunia.com/advisories/32116
http://secunia.com/advisories/32112
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5670
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc

Copyright 2024, cxsecurity.com

 
