9.3

CVE-2008-2476

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version6.3
FreebsdFreebsd Version7.1
OpenbsdOpenbsd Version4.2
OpenbsdOpenbsd Version4.3
WindriverVxworks Version <= 6.4
WindriverVxworks Version5
WindriverVxworks Version5.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.43% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://support.apple.com/kb/HT3467
http://www.vupen.com/english/advisories/2009/0633
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
http://secunia.com/advisories/32112
Vendor Advisory
http://secunia.com/advisories/32116
http://secunia.com/advisories/32117
Vendor Advisory
http://secunia.com/advisories/32133
http://secunia.com/advisories/32406
http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc
Vendor Advisory
http://securitytracker.com/id?1020968
http://www.kb.cert.org/vuls/id/472363
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2RY7
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2S68
US Government Resource
http://www.openbsd.org/errata42.html#015_ndp
http://www.openbsd.org/errata43.html#006_ndp
http://www.securityfocus.com/bid/31529
http://www.securitytracker.com/id?1021109
http://www.securitytracker.com/id?1021132
http://www.vupen.com/english/advisories/2008/2750
http://www.vupen.com/english/advisories/2008/2751
http://www.vupen.com/english/advisories/2008/2752
https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view