FreeBSD : FreeBSD -- Denial of Service with IPv6 Router Advertisements (0bb55a18-600a-11e6-a6c3-14dae9d210b8)

medium Nessus Plugin ID 92888

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the FreeBSD system. Impact : When the Current Hop Limit (similar to IPv4's TTL) is small, IPv6 packets may get dropped before they reached their destinations.

By sending specifically crafted Router Advertisement packets, an attacker on the local network can cause the FreeBSD system to lose the ability to communicate with another IPv6 node on a different network.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?e7431044

Plugin Details

Severity: Medium

ID: 92888

File Name: freebsd_pkg_0bb55a18600a11e6a6c314dae9d210b8.nasl

Version: 2.5

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 4/7/2015

Reference Information

CVE: CVE-2015-2923

BID: 74713

FreeBSD: SA-15:09.ipv6