Vulnerability in the IPv6 Neighbor Discovery Protocol (NDP) implementation in FreeBSD, OpenBSD, NetBSD, Force10 FTOS, Juniper JUNOS, and Wind River VxWorks (CVE-2008-2476)
CVSS v2.0 severity:
HIGH
Type:
CWE-20
Improper Input Validation
Publication date:
03/10/2008
Last modified:
09/04/2025
Description
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD v6.3 through v7.1, (2) OpenBSD v4.2 and v4.3, (3) NetBSD, (4) Force10 FTOS versions before vE7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through v6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via spoofed messages that modify the Forward Information Base (FIB).
Impact
Base score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:force10:ftos:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:jnos:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:* | | 6.4 (including) |
| cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:* | ||
References to solutions, tools and information
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
- http://secunia.com/advisories/32112
- http://secunia.com/advisories/32116
- http://secunia.com/advisories/32117
- http://secunia.com/advisories/32133
- http://secunia.com/advisories/32406
- http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
- http://securitytracker.com/id?1020968=
- http://support.apple.com/kb/HT3467
- http://www.kb.cert.org/vuls/id/472363
- http://www.kb.cert.org/vuls/id/MAPG-7H2RY7
- http://www.kb.cert.org/vuls/id/MAPG-7H2S68
- http://www.openbsd.org/errata42.html#015_ndp
- http://www.openbsd.org/errata43.html#006_ndp
- http://www.securityfocus.com/bid/31529
- http://www.securitytracker.com/id?1021109=
- http://www.securitytracker.com/id?1021132=
- http://www.vupen.com/english/advisories/2008/2750
- http://www.vupen.com/english/advisories/2008/2751
- http://www.vupen.com/english/advisories/2008/2752
- http://www.vupen.com/english/advisories/2009/0633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
- https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view