CVE-2008-2476

high

Description

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).

References

https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670

https://exchange.xforce.ibmcloud.com/vulnerabilities/45601

http://www.vupen.com/english/advisories/2009/0633

http://www.vupen.com/english/advisories/2008/2752

http://www.vupen.com/english/advisories/2008/2751

http://www.vupen.com/english/advisories/2008/2750

http://www.securitytracker.com/id?1021132

http://www.securitytracker.com/id?1021109

http://www.securityfocus.com/bid/31529

http://www.openbsd.org/errata43.html#006_ndp

http://www.openbsd.org/errata42.html#015_ndp

http://www.kb.cert.org/vuls/id/MAPG-7H2S68

http://www.kb.cert.org/vuls/id/MAPG-7H2RY7

http://www.kb.cert.org/vuls/id/472363

http://support.apple.com/kb/HT3467

http://securitytracker.com/id?1020968

http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc

http://secunia.com/advisories/32406

http://secunia.com/advisories/32133

http://secunia.com/advisories/32117

http://secunia.com/advisories/32116

http://secunia.com/advisories/32112

Details

Source: Mitre, NVD

Published: 2008-10-03

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High