CVE-2008-2476
published 2008-10-03CVE-2008-2476: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before…
PriorityP342critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
7.42%
93.7th percentile
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| juniper | junos_os | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| windriver | vxworks | <= 6.4 | — |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Juniper
CVE-2008-2476: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before
vendor_juniper·2008-10-03·CVSS 9.3
CVE-2008-2476 [CRITICAL] CWE-20 CVE-2008-2476: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before
CVE-2008-2476: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
BSD
FreeBSD-SA-08:10.nd6: IPv6 Neighbor Discovery Protocol routing vulnerability
bsd_advisories·2008-10-02·CVSS 9.3
CVE-2008-2476 [CRITICAL] FreeBSD-SA-08:10.nd6: IPv6 Neighbor Discovery Protocol routing vulnerability
FreeBSD-SA-08:10.nd6 Security Advisory
The FreeBSD Project
Topic: IPv6 Neighbor Discovery Protocol routing vulnerability
Category: core
Module: sys_netinet6
Announced: 2008-10-01
Credits: David Miles
Affects: All supported versions of FreeBSD.
Corrected: 2008-10-01 00:32:59 UTC (RELENG_7, 7.1-PRERELEASE)
2008-10-01 00:32:59 UTC (RELENG_7_0, 7.0-RELEASE-p5)
2008-10-01 00:32:59 UTC (RELENG_6, 6.4-PRERELEASE)
2008-10-01 00:32:59 UTC (RELENG_6_3, 6.3-RELEASE-p5)
CVE Name: CVE-2008-2476
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
IPv6 nodes use the Neighbor Discovery protocol to determine the link-layer
address of other nodes, find routers, and maintain
Red Hat
CVE-2008-2476: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6
vendor_redhat·CVSS 9.3
CVE-2008-2476 [CRITICAL] CVE-2008-2476: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
Statement: Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
GHSA
GHSA-xvw3-ghj5-vvrf: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6
ghsa_unreviewed·2022-05-03
CVE-2008-2476 [HIGH] CWE-20 GHSA-xvw3-ghj5-vvrf: The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
GHSA
GHSA-5c8h-74jm-rr6m: The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which al
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2008-4404 [CRITICAL] CWE-20 GHSA-5c8h-74jm-rr6m: The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which al
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
GHSA
GHSA-6rg3-f36h-w236: The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-0418 [CRITICAL] CWE-20 GHSA-6rg3-f36h-w236: The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.aschttp://secunia.com/advisories/32112http://secunia.com/advisories/32116http://secunia.com/advisories/32117http://secunia.com/advisories/32133http://secunia.com/advisories/32406http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.aschttp://securitytracker.com/id?1020968http://support.apple.com/kb/HT3467http://www.kb.cert.org/vuls/id/472363http://www.kb.cert.org/vuls/id/MAPG-7H2RY7http://www.kb.cert.org/vuls/id/MAPG-7H2S68http://www.openbsd.org/errata42.html#015_ndphttp://www.openbsd.org/errata43.html#006_ndphttp://www.securityfocus.com/bid/31529http://www.securitytracker.com/id?1021109http://www.securitytracker.com/id?1021132http://www.vupen.com/english/advisories/2008/2750http://www.vupen.com/english/advisories/2008/2751http://www.vupen.com/english/advisories/2008/2752http://www.vupen.com/english/advisories/2009/0633https://exchange.xforce.ibmcloud.com/vulnerabilities/45601https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=viewftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.aschttp://secunia.com/advisories/32112http://secunia.com/advisories/32116http://secunia.com/advisories/32117http://secunia.com/advisories/32133http://secunia.com/advisories/32406http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.aschttp://securitytracker.com/id?1020968http://support.apple.com/kb/HT3467http://www.kb.cert.org/vuls/id/472363http://www.kb.cert.org/vuls/id/MAPG-7H2RY7http://www.kb.cert.org/vuls/id/MAPG-7H2S68http://www.openbsd.org/errata42.html#015_ndphttp://www.openbsd.org/errata43.html#006_ndphttp://www.securityfocus.com/bid/31529http://www.securitytracker.com/id?1021109http://www.securitytracker.com/id?1021132http://www.vupen.com/english/advisories/2008/2750http://www.vupen.com/english/advisories/2008/2751http://www.vupen.com/english/advisories/2008/2752http://www.vupen.com/english/advisories/2009/0633https://exchange.xforce.ibmcloud.com/vulnerabilities/45601https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
2008-10-03
Published