SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   HP-UX Vendors:   HPE
HP-UX IPv6 Neighbor Discovery Protocol Spoofing Bug Lets Remote Users Modify Routing Data in Certain Cases
SecurityTracker Alert ID:  1021660
SecurityTracker URL:  http://securitytracker.com/id/1021660
CVE Reference:   CVE-2008-2476, CVE-2008-4404   (Links to External Site)
Date:  Feb 3 2009
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): B.11.11, B.11.23, B.11.31
Description:   A vulnerability was reported in the HP-UX IPv6 Neighbor Discovery Protocol. A remote user can modify routing data for a target router in certain cases.

A remote user on a physical network of an IPv6 router can spoof Neighbor Discovery messages to update routing information for a target router on a different physical network adjacent to the IPv6 router. The remote user can exploit this to deny service or access network traffic from the target router.

David Miles reported this vulnerability.

Impact:   A remote user can modify routing data for a target router in certain cases to deny service or redirect and access network traffic.
Solution:   HP has issued patches, available at:

http://itrc.hp.com

B.11.11 (11i v1)
PHNE_37898

B.11.23 (11i v2)
PHNE_37897

B.11.31 (11i v3)
PHNE_38680

The vendor's advisory is available at:

https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01662367

Vendor URL:  www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01662367 (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC