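Vulnerability Details

Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability

Vulnerability Summary

The IPv6 Neighbor Discovery Protocol (NDP) implementations in multiple vendors' operating systems do not validate the origin of Neighbor Discovery messages. This allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code by means of a spoofed message that modifies the Forward Information Base (FIB). This vulnerability is related to CVE-2008-2476.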

Affected operating systems:

Wind River Systems VxWorks 6.4

Wind River Systems VxWorks 5

OpenBSD OpenBSD 4.4

OpenBSD OpenBSD 4.3

OpenBSD OpenBSD 4.2

NetBSD NetBSD 3.0.2

NetBSD NetBSD 3.0.1

NetBSD NetBSD Current

NetBSD NetBSD 4.0

NetBSD NetBSD 3.1_RC3

NetBSD NetBSD 3.1

NetBSD NetBSD 3,1_RC1

Navision Financials Server 3.0

MidnightBSD MidnightBSD 0.2.1

MidnightBSD MidnightBSD 0.1.1

MidnightBSD MidnightBSD 0.3

MidnightBSD MidnightBSD 0.1

Juniper Networks WXC Series 0

Juniper Networks WX Series 0

Juniper Networks Session and Resource Control Appliance 2.0

Juniper Networks Session and Resource Control Appliance 1.0

Juniper Networks Secure Access 700 0

Juniper Networks Secure Access 6000 SP 6000

Juniper Networks Secure Access 6000 (NetScreen-SA 5000 Series) 0

Juniper Networks Secure Access 4000 (NetScreen-SA 3000 Series) 0

Juniper Networks Secure Access 2000 0

Juniper Networks IVE OS 6.0

Juniper Networks IVE OS 5.0

Juniper Networks IVE OS 4.0

Juniper Networks IVE OS 3.0

Juniper Networks IVE OS 2.0

Juniper Networks IVE OS 1.0

Juniper Networks Infranet Controller 6000

Juniper Networks Infranet Controller 4000

Juniper Networks IDP 4.0

Juniper Networks DXOS 5.0

IBM z/OS

HP HP-UX B.11.31

HP HP-UX B.11.23

HP HP-UX B.11.11

HP HP-UX 11i v3

HP HP-UX 11i v2

HP HP-UX 11i v1

FreeBSD FreeBSD 6.0 .x

FreeBSD FreeBSD 6.0 -STABLE

FreeBSD FreeBSD 6.0 -RELEASE

FreeBSD FreeBSD 7.1 -RELEASE-p1

FreeBSD FreeBSD 7.0-STABLE

FreeBSD FreeBSD 7.0-RELEASE

FreeBSD FreeBSD 7.0 BETA4

FreeBSD FreeBSD 7.0 -RELENG

FreeBSD FreeBSD 7.0 -PRERELEASE

FreeBSD FreeBSD 7.0

FreeBSD FreeBSD 6.3 -RELENG

FreeBSD FreeBSD 6.3

FreeBSD FreeBSD 6.2 -STABLE

FreeBSD FreeBSD 6.2 -RELENG

FreeBSD FreeBSD 6.2

FreeBSD FreeBSD 6.1 -STABLE

FreeBSD FreeBSD 6.1 -RELEASE-p10

FreeBSD FreeBSD 6.1 -RELEASE

FreeBSD FreeBSD 6.0 -RELEASE-p5

Force10 Networks FTOS 7.7.1 1

Avaya Proactive Contact 3.0

Apple AirPort Extreme Base Station 0

Apple AirPort Express Firmware 6.3

Apple AirPort Express Firmware 6.1

Apple AirPort Base Station

Vulnerability Advisory

Some vendors have released patches that fix this security issue. Patch download links:

OpenBSD OpenBSD 4.3

OpenBSD 006_ndp.patch

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/006_ndp.patch

OpenBSD OpenBSD 4.4

OpenBSD 001_ndp.patch

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch

OpenBSD OpenBSD 4.2

OpenBSD 015_ndp.patch

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/015_ndp.patch

References

Source: SECTRACK

Name: 1021660

Link: http://www.securitytracker.com/id?1021660

Source: VUPEN

Name: ADV-2009-0312

Link: http://www.frsirt.com/english/advisories/2009/0312

Source: SECUNIA

Name: 33787

Link: http://secunia.com/advisories/33787

Source: OVAL

Name: oval:org.mitre.oval:def:5943

Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5943

Source: HP

Name: SSRT080107

Link: http://marc.info/?l=bugtraq&m=123368621330334&w=2

Patch

    None available
