CVE - CVE-2008-2476

CVE-ID
CVE-2008-2476	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:31529 URL:http://www.securityfocus.com/bid/31529 CERT-VN:VU#472363 URL:http://www.kb.cert.org/vuls/id/472363 CONFIRM:http://support.apple.com/kb/HT3467 CONFIRM:http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 CONFIRM:http://www.kb.cert.org/vuls/id/MAPG-7H2S68 FREEBSD:FreeBSD-SA-08:10 URL:http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc MISC:https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view NETBSD:NetBSD-SA2008-013 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc OPENBSD:[4.2] 015: SECURITY FIX: October 2, 2008 URL:http://www.openbsd.org/errata42.html#015_ndp OPENBSD:[4.3] 006: SECURITY FIX: October 2, 2008 URL:http://www.openbsd.org/errata43.html#006_ndp OVAL:oval:org.mitre.oval:def:5670 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670 SECTRACK:1020968 URL:http://securitytracker.com/id?1020968 SECTRACK:1021109 URL:http://www.securitytracker.com/id?1021109 SECTRACK:1021132 URL:http://www.securitytracker.com/id?1021132 SECUNIA:32112 URL:http://secunia.com/advisories/32112 SECUNIA:32116 URL:http://secunia.com/advisories/32116 SECUNIA:32117 URL:http://secunia.com/advisories/32117 SECUNIA:32133 URL:http://secunia.com/advisories/32133 SECUNIA:32406 URL:http://secunia.com/advisories/32406 VUPEN:ADV-2008-2750 URL:~~http://www.vupen.com/english/advisories/2008/2750~~ (Obsolete source) VUPEN:ADV-2008-2751 URL:~~http://www.vupen.com/english/advisories/2008/2751~~ (Obsolete source) VUPEN:ADV-2008-2752 URL:~~http://www.vupen.com/english/advisories/2008/2752~~ (Obsolete source) VUPEN:ADV-2009-0633 URL:~~http://www.vupen.com/english/advisories/2009/0633~~ (Obsolete source) XF:multiple-vendors-ndp-dos(45601) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
Assigning CNA
CERT/CC
Date Record Created
20080528	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080528)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)