10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.4%
A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded.
IPv6 networks use the Neighbor Discovery Protocol (NDP) to detect and locate routers and other on-link IPv6 nodes. NDP uses ICMPv6 types 133, 134, 135, and 136. Neighbor solicitation (type 135) messages are used by NDP to discover and determine the reachability of nearby IPv6 nodes. Nodes that can send each other NDP messages are considered to be on-link (as per RFC 4861).
After receiving a neighbor solicitation request from a system that is on-link and is using a spoofed IPv6 address as the source address, a router will create a neighbor cache entry. When this entry is made, some IPv6 implementations will create a Forwarding Information Base (FIB
) entry. This FIB entry may cause the router to incorrectly forward traffic to the device that sent original spoofed neighbor solicitation request.
Note that an attacker must have IPv6 connectivity to the same router as their target for this vulnerability to be exploited. Although this vulnerability has only a local attack vector (NDP messages are not forwarded by routers), flat IPv6 networks can include many hosts and may cover large geographical distances as compared to IPv4 networks.
Similar problems to this issue have been discussed in RFC 3756 “IPv6 Neighbor Discovery (ND) Trust Models and Threats.”
An attacker may be able to intercept private network traffic. Receiving the traffic may cause links to become congested or saturated due to the additional bandwidth. Administrators are encouraged to read RFC 3756 for more information about other possible vulnerabilities and impacts.
Consider the workarounds below and consult your vendor.
Block packets with illogical source addresses
Blocking traffic that originates from unlikely or illogical source addresses (such as addresses which are not on-link or logically part of a network assigned to an interface, such as the antispoof keyword in pf) will protect against this vulnerability. This workaround may cause unintended side-effects such as breaking some non-typical configurations. Vendors may also implement this workaround as a fix.
Use application layer encryption
Applications that use secure authentication and encryption such as https
, ssh
, and ipsec
can mitigate this vulnerability by preventing an attacker from intercepting or parsing any data that received. Note that an attacker will probably still be able to blackhole IP addresses resulting in a local denial of service regardless of the authentication or encryption methods used. As noted in RFC 3971, it is non-trivial to use ipsec
to protect the integrity of NDP messages.
Design and deploy segmented networks
In a single IPv6 prefix there are certain trust asumptions and if the same IP range is shared all clients will be considered on-link. Segmenting networks will reduce the likelihood of this and similar vulnerabilities from being exploited. Networks can be segmented by assigning unique prefixes to individual router interfaces or by using VLANs.
472363
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 30, 2008 Updated: March 12, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://support.apple.com/kb/HT3467> for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23472363 Feedback>).
Notified: July 30, 2008 Updated: April 27, 2009
Statement Date: April 24, 2009
Affected
IPv6 enabled Extreme Networks products running EXOS software are affected by this vulnerability.
This issue is being tracked by PD4-693410691 for Extreme Networks products running EXOS software.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: September 30, 2008
Statement Date: July 31, 2008
Affected
IPv6 enabled Force10 routers running FTOS, are affected by this vulnerability. The issue has been identified and fixed in our release E7.7.1.1 and all future releases. For a detail of description, impact, workaround and available fix, please visit our website at <https://www.force10networks.com/csportal20/KnowledgeBase/FieldAlerts.aspx> to view the complete text of the Field Alert.
Notified: July 30, 2008 Updated: October 02, 2008
Affected
We have not received a statement from the vendor.
The FreeBSD Security Team has released the FreeBSD Security Advisory FreeBSD-SA-08:10.nd6 response to this issue.
See <http://security.freebsd.org/patches/SA-08:10/nd6-7.patch> for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23472363 Feedback>).
Notified: July 30, 2008 Updated: August 05, 2008
Statement Date: July 30, 2008
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 02, 2008
Statement Date: October 02, 2008
Affected
We have not received a statement from the vendor.
Juniper has posted a Security Bulletin about this issue addressing the security issues identified by VU#472363.
More information is available to registered customers at https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Notified: July 30, 2008 Updated: October 29, 2008
Affected
We have not received a statement from the vendor.
See <ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc/> for more information.
Notified: July 30, 2008 Updated: October 03, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://openbsd.org/errata43.html#006_ndp> for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23472363 Feedback>).
Notified: July 30, 2008 Updated: November 03, 2008
Statement Date: October 31, 2008
Affected
We have not received a statement from the vendor.
Wind River has analyzed VU#472363, and determined that VxWorks versions 6.5 and higher are not affected. However, VxWorks versions 5.x through 6.4 are affected. Register users can access Wind River’s online support for patches, and more in formation by following this link:
<https://portal.windriver.com/cgi-bin/windsurf/downloads/view_binary.cgi?binaryid=118544>
Or contact Wind River technical support for more information:
<http://windriver.com/support/>
Notified: July 30, 2008 Updated: September 29, 2008
Statement Date: September 26, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: November 07, 2008
Not Affected
This is to confirm that no Cisco products are affected by the vulnerability described in Vulnerability Note VU#472363 titled: “IPv6 implementations insecurely update Forward Information Base”.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 02, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 02, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: September 29, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 02, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: September 26, 2008
Statement Date: September 25, 2008
Not Affected
We have not received a statement from the vendor.
Enterasys has researched CERT VU#472363 and concluded that none of the current Enterasys products are vulnerable. To ensure the highest level of security and as an extra precaution, Enterasys recommends being proactive by following network security and product configuration best practices.
Notified: July 30, 2008 Updated: September 18, 2008
Statement Date: September 18, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 02, 2008
Statement Date: October 01, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: September 18, 2008
Statement Date: September 18, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 01, 2008
Not Affected
After investigating this report, we determined this issue does not directly affect any Microsoft products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: August 13, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU//Linux does not officially support IPv6. We do not have IPv6 support enabled in our kernels by default (nor can the corresponding kernel module possibly get auto-loaded, which would be a concern on some other Linux systems - we also do not support module auto-loading). While it is probably possible to configure an Openwall GNU//Linux system with a custom kernel build such that it would be vulnerable, anyone doing so is acting on his/her own.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23472363 Feedback>).
Notified: July 30, 2008 Updated: September 19, 2008
Statement Date: September 19, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: August 04, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 31, 2008
Statement Date: July 30, 2008
Not Affected
Quagga is not impacted.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 31, 2008
Statement Date: July 31, 2008
Not Affected
We are not affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 31, 2008
Statement Date: July 31, 2008
Not Affected
We would like to inform you that Red Hat Enterprise Linux is not affected by this vulnerability as we never had any code that added routes in response to ndisc solicitations.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: September 29, 2008
Statement Date: September 26, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 07, 2008
Not Affected
We have not received a statement from the vendor.
To the best of our knowledge Linux and therefore SUSE Linux based products are not affected by this problem.
Notified: July 30, 2008 Updated: September 19, 2008
Statement Date: September 19, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 31, 2008
Statement Date: July 30, 2008
Not Affected
Solaris IPv6 implementation is not vulnerable to this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: September 29, 2008
Statement Date: September 26, 2008
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: August 05, 2008
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: September 18, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 22, 2008 Updated: August 22, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 22, 2008 Updated: August 22, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: September 18, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 22, 2008 Updated: August 22, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 04, 2008 Updated: August 04, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 18, 2008 Updated: September 18, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: October 02, 2008
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 30, 2008 Updated: July 30, 2008
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 103 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND) |
Environmental | 0 | CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND) |
Thanks to David Miles for reporting this vulnerability. Numerous vendors and others also provided technical information that was used in this report.
This document was written by Ryan Giobbi, Evan Wright, Chad Dougherty, and Art Manion.
CVE IDs: | CVE-2008-4404, CVE-2008-2476 |
---|---|
Severity Metric: | 2.70 Date Public: |
docs.sun.com/app/docs/doc/817-0573/6mgc65bb6?a=view
en.wikipedia.org/wiki/Forwarding_Information_Base#FIBs_in_Ingress_Filtering_against_Denial_of_Service
en.wikipedia.org/wiki/Reverse_path_forwarding
msdn.microsoft.com/en-us/library/ms900123.aspx
tools.ietf.org/html/rfc3971
tools.ietf.org/html/rfc4861
tools.ietf.org/html/rfc4861#section-2.1
www.ietf.org/rfc/rfc2461.txt
www.ietf.org/rfc/rfc3177.txt
www.ietf.org/rfc/rfc3756.txt
www.openbsd.org/faq/pf/filter.html#antispoof