CVE-2008-2476 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2476
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2476

Description: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45601 ST 1021132 1021109 1020968 SAID Secunia Advisory: SA32112 Secunia Advisory: SA32117 Secunia Advisory: SA32116 Secunia Advisory: SA32406 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5670 OPENBSD http://www.openbsd.org/errata43.html#006_ndp http://www.openbsd.org/errata42.html#015_ndp NETBSD MISC FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc CONFIRM http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 http://www.kb.cert.org/vuls/id/MAPG-7H2S68 http://support.apple.com/kb/HT3467 CERT-VN 472363 BID 31529

Return to the previous page.