CVE-2008-2476: Input Validation
First published: Fri Oct 03 2008(Updated: )
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Force10 FTOS | ||
| FreeBSD FreeBSD | =6.3 | |
| FreeBSD FreeBSD | =7.1 | |
| Juniper Jnos | ||
| NetBSD NetBSD | ||
| Openbsd Openbsd | =4.2 | |
| Openbsd Openbsd | =4.3 | |
| Windriver Vxworks | <=6.4 | |
| Windriver Vxworks | =5 | |
| Windriver Vxworks | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/32112
- http://secunia.com/advisories/32116
- http://secunia.com/advisories/32117
- http://secunia.com/advisories/32133
- http://secunia.com/advisories/32406
- http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
- http://securitytracker.com/id?1020968
- http://support.apple.com/kb/HT3467
- http://www.kb.cert.org/vuls/id/472363
- http://www.kb.cert.org/vuls/id/MAPG-7H2RY7
- http://www.kb.cert.org/vuls/id/MAPG-7H2S68
- http://www.openbsd.org/errata42.html#015_ndp
- http://www.openbsd.org/errata43.html#006_ndp
- http://www.securityfocus.com/bid/31529
- http://www.securitytracker.com/id?1021109
- http://www.securitytracker.com/id?1021132
- http://www.vupen.com/english/advisories/2008/2750
- http://www.vupen.com/english/advisories/2008/2751
- http://www.vupen.com/english/advisories/2008/2752
- http://www.vupen.com/english/advisories/2009/0633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
- https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/force10
- canonical/force10 ftos
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/6.3
- version/freebsd freebsd/7.1
- vendor/juniper
- canonical/juniper jnos
- vendor/netbsd
- canonical/netbsd netbsd
- vendor/openbsd
- canonical/openbsd openbsd
- version/openbsd openbsd/4.2
- version/openbsd openbsd/4.3
- vendor/windriver
- canonical/windriver vxworks
- version/windriver vxworks/6.4
- version/windriver vxworks/5
- version/windriver vxworks/5.5