CVE-2008-2476
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 09:05
Severity ?
Summary
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
References
cret@cert.orgftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
cret@cert.orghttp://secunia.com/advisories/32112Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/32116
cret@cert.orghttp://secunia.com/advisories/32117Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/32133
cret@cert.orghttp://secunia.com/advisories/32406
cret@cert.orghttp://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.ascVendor Advisory
cret@cert.orghttp://securitytracker.com/id?1020968
cret@cert.orghttp://support.apple.com/kb/HT3467
cret@cert.orghttp://www.kb.cert.org/vuls/id/472363US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MAPG-7H2RY7US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MAPG-7H2S68US Government Resource
cret@cert.orghttp://www.openbsd.org/errata42.html#015_ndp
cret@cert.orghttp://www.openbsd.org/errata43.html#006_ndp
cret@cert.orghttp://www.securityfocus.com/bid/31529
cret@cert.orghttp://www.securitytracker.com/id?1021109
cret@cert.orghttp://www.securitytracker.com/id?1021132
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2750
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2751
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2752
cret@cert.orghttp://www.vupen.com/english/advisories/2009/0633
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45601
cret@cert.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
cret@cert.orghttps://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32112Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32116
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32117Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32133
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32406
af854a3a-2127-422b-91ae-364da2661108http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020968
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3467
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/472363US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MAPG-7H2RY7US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MAPG-7H2S68US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/errata42.html#015_ndp
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/errata43.html#006_ndp
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31529
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021109
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021132
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2750
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2751
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2752
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0633
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
af854a3a-2127-422b-91ae-364da2661108https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:29.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32406",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32406"
          },
          {
            "name": "multiple-vendors-ndp-dos(45601)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3467"
          },
          {
            "name": "[4.2] 015: SECURITY FIX: October 2, 2008",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata42.html#015_ndp"
          },
          {
            "name": "ADV-2008-2751",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2751"
          },
          {
            "name": "1021109",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021109"
          },
          {
            "name": "1020968",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020968"
          },
          {
            "name": "32133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32133"
          },
          {
            "name": "VU#472363",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/472363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
          },
          {
            "name": "32116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32116"
          },
          {
            "name": "1021132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021132"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
          },
          {
            "name": "ADV-2008-2750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2750"
          },
          {
            "name": "ADV-2008-2752",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2752"
          },
          {
            "name": "31529",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
          },
          {
            "name": "FreeBSD-SA-08:10",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
          },
          {
            "name": "[4.3] 006: SECURITY FIX: October 2, 2008",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata43.html#006_ndp"
          },
          {
            "name": "32112",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32112"
          },
          {
            "name": "NetBSD-SA2008-013",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
          },
          {
            "name": "oval:org.mitre.oval:def:5670",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
          },
          {
            "name": "32117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32117"
          },
          {
            "name": "ADV-2009-0633",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0633"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "32406",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32406"
        },
        {
          "name": "multiple-vendors-ndp-dos(45601)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3467"
        },
        {
          "name": "[4.2] 015: SECURITY FIX: October 2, 2008",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata42.html#015_ndp"
        },
        {
          "name": "ADV-2008-2751",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2751"
        },
        {
          "name": "1021109",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021109"
        },
        {
          "name": "1020968",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020968"
        },
        {
          "name": "32133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32133"
        },
        {
          "name": "VU#472363",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/472363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
        },
        {
          "name": "32116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32116"
        },
        {
          "name": "1021132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021132"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
        },
        {
          "name": "ADV-2008-2750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2750"
        },
        {
          "name": "ADV-2008-2752",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2752"
        },
        {
          "name": "31529",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
        },
        {
          "name": "FreeBSD-SA-08:10",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
        },
        {
          "name": "[4.3] 006: SECURITY FIX: October 2, 2008",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata43.html#006_ndp"
        },
        {
          "name": "32112",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32112"
        },
        {
          "name": "NetBSD-SA2008-013",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
        },
        {
          "name": "oval:org.mitre.oval:def:5670",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
        },
        {
          "name": "32117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32117"
        },
        {
          "name": "ADV-2009-0633",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0633"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2008-2476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32406",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32406"
            },
            {
              "name": "multiple-vendors-ndp-dos(45601)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
            },
            {
              "name": "http://support.apple.com/kb/HT3467",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3467"
            },
            {
              "name": "[4.2] 015: SECURITY FIX: October 2, 2008",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata42.html#015_ndp"
            },
            {
              "name": "ADV-2008-2751",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2751"
            },
            {
              "name": "1021109",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021109"
            },
            {
              "name": "1020968",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020968"
            },
            {
              "name": "32133",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32133"
            },
            {
              "name": "VU#472363",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/472363"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
            },
            {
              "name": "32116",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32116"
            },
            {
              "name": "1021132",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021132"
            },
            {
              "name": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view",
              "refsource": "MISC",
              "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
            },
            {
              "name": "ADV-2008-2750",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2750"
            },
            {
              "name": "ADV-2008-2752",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2752"
            },
            {
              "name": "31529",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31529"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
            },
            {
              "name": "FreeBSD-SA-08:10",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
            },
            {
              "name": "[4.3] 006: SECURITY FIX: October 2, 2008",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata43.html#006_ndp"
            },
            {
              "name": "32112",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32112"
            },
            {
              "name": "NetBSD-SA2008-013",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
            },
            {
              "name": "oval:org.mitre.oval:def:5670",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
            },
            {
              "name": "32117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32117"
            },
            {
              "name": "ADV-2009-0633",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0633"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2008-2476",
    "datePublished": "2008-10-03T15:00:00",
    "dateReserved": "2008-05-28T00:00:00",
    "dateUpdated": "2024-08-07T09:05:29.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2476\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2008-10-03T15:07:10.727\",\"lastModified\":\"2024-11-21T00:46:57.280\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de conectividad) o leer tr\u00e1fico de red privado a trav\u00e9s de mensajes falsos que modifica la Forward Information Base (FIB).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:force10:ftos:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4941A848-A02E-4234-82A3-076AABC94476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F702C46F-CA02-4FA2-B7D6-C61C2C095679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803EFA9F-B7CB-4511-B1C1-381170CA9A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:jnos:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD3413A-DD12-4C60-88F4-E2D6C1264319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B55E4B92-88E0-41F0-AFA7-046A8D34A2CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DF8DD37-A337-4E9D-A34E-C2D561A24285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F12313A0-1EAF-4652-9AB1-799171CFFEA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.4\",\"matchCriteriaId\":\"DFCBBA4F-BD05-4044-98A0-2825A413D299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F69B80D9-E6A6-4761-9EE3-3EF5E55EFA8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3680A0-7B0C-4E91-97D7-B3F33EE1569A\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/32112\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32116\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/32117\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32133\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/32406\",\"source\":\"cret@cert.org\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020968\",\"source\":\"cret@cert.org\"},{\"url\":\"http://support.apple.com/kb/HT3467\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/472363\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7H2RY7\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7H2S68\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.openbsd.org/errata42.html#015_ndp\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.openbsd.org/errata43.html#006_ndp\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/31529\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securitytracker.com/id?1021109\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securitytracker.com/id?1021132\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2750\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2751\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2752\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0633\",\"source\":\"cret@cert.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45601\",\"source\":\"cret@cert.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view\",\"source\":\"cret@cert.org\"},{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/472363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7H2RY7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7H2S68\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.openbsd.org/errata42.html#015_ndp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openbsd.org/errata43.html#006_ndp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.\",\"lastModified\":\"2017-09-28T21:31:11.053\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.