SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (UNIX)  >  OpenBSD Kernel Vendors:  OpenBSD
OpenBSD IPv6 Neighbor Discovery Protocol Spoofing Bug Lets Remote Users Modify Routing Data in Certain Cases
SecurityTracker Alert ID:  1021132
SecurityTracker URL:  http://securitytracker.com/id?1021132
CVE Reference:  CVE-2008-2476   (Links to External Site)
Date:  Nov 3 2008
Impact:  Disclosure of system information, Disclosure of user information, Modification of system information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  OpenBSD Errata
Version(s): 4.2, 4.3, 4.4
Description:  A vulnerability was reported in the OpenBSD IPv6 Neighbor Discovery Protocol. A remote user can modify routing data for a target router in certain cases.

A remote user on a physical network of an IPv6 router can spoof Neighbor Discovery messages to update routing information for a target router on a different physical network adjacent to the IPv6 router. The remote user can exploit this to deny service or access network traffic from the target router.

David Miles reported this vulnerability.
Impact:  A remote user can modify routing data for a target router in certain cases to deny service or redirect and access network traffic.
Solution:  The vendor has issued patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/006_ndp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/015_ndp.patch
Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:  Authentication error
Underlying OS:  UNIX (OpenBSD)

Message History:   None.

 Source Message Contents
Date:  Mon, 3 Nov 2008 18:11:49 -0500
Subject:  OpenBSD

 
 
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor solicitation 
requests maybe allowing a nearby attacker to intercept traffic. The attacker must have 
IPv6 connectivity to the same router as their target for this vulnerability to be 
exploited. CVE-2008-2476.
 
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/006_ndp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/015_ndp.patch


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC