PRIOn knowledge basePRION:CVE-2008-2476Design/Logic Flaw
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
secunia.com/advisories/32112
secunia.com/advisories/32116
secunia.com/advisories/32117
secunia.com/advisories/32133
secunia.com/advisories/32406
security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
securitytracker.com/id?1020968
support.apple.com/kb/HT3467
www.kb.cert.org/vuls/id/472363
www.kb.cert.org/vuls/id/MAPG-7H2RY7
www.kb.cert.org/vuls/id/MAPG-7H2S68
www.openbsd.org/errata42.html
www.openbsd.org/errata43.html
www.securityfocus.com/bid/31529
www.securitytracker.com/id?1021109
www.securitytracker.com/id?1021132
www.vupen.com/english/advisories/2008/2750
www.vupen.com/english/advisories/2008/2751
www.vupen.com/english/advisories/2008/2752
www.vupen.com/english/advisories/2009/0633
exchange.xforce.ibmcloud.com/vulnerabilities/45601
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Related
