Vulnerability CVE-2008-2476


Published: 2008-10-03   Modified: 2012-02-12

Description:
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Windriver -> Vxworks 
Openbsd -> Openbsd 
Netbsd -> Netbsd 
Juniper -> JUNOS
Freebsd -> Freebsd 
Force10 -> FTOS 

 References:
http://www.kb.cert.org/vuls/id/MAPG-7H2S68
http://www.kb.cert.org/vuls/id/MAPG-7H2RY7
http://www.kb.cert.org/vuls/id/472363
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
http://xforce.iss.net/xforce/xfdb/45601
http://www.vupen.com/english/advisories/2009/0633
http://www.vupen.com/english/advisories/2008/2752
http://www.vupen.com/english/advisories/2008/2751
http://www.vupen.com/english/advisories/2008/2750
http://www.securitytracker.com/id?1021132
http://www.securitytracker.com/id?1021109
http://www.securityfocus.com/bid/31529
http://www.openbsd.org/errata43.html#006_ndp
http://www.openbsd.org/errata42.html#015_ndp
http://support.apple.com/kb/HT3467
http://securitytracker.com/id?1020968
http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
http://secunia.com/advisories/32406
http://secunia.com/advisories/32117
http://secunia.com/advisories/32116
http://secunia.com/advisories/32112
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5670
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc

Copyright 2024, cxsecurity.com
