Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2008-2476
Hinweisdatum: 21 Juli 2015
Beschreibung
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Betroffene Software und Version:
- force10 ftos
- freebsd freebsd 6.3
- freebsd freebsd 7.1
- juniper jnos
- netbsd netbsd
- openbsd openbsd 4.2
- openbsd openbsd 4.3
- windriver vxworks 5
- windriver vxworks 5.5
- windriver vxworks 6.4