Vulnerabilites related to juniper - jnos
CVE-2008-2476 (GCVE-0-2008-2476)
Vulnerability from cvelistv5
Published
2008-10-03 15:00
Modified
2024-08-07 09:05
Severity ?
CWE
  • n/a
Summary
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
References
http://secunia.com/advisories/32406 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/45601 vdb-entry, x_refsource_XF
http://support.apple.com/kb/HT3467 x_refsource_CONFIRM
http://www.openbsd.org/errata42.html#015_ndp vendor-advisory, x_refsource_OPENBSD
http://www.vupen.com/english/advisories/2008/2751 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1021109 vdb-entry, x_refsource_SECTRACK
http://securitytracker.com/id?1020968 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/32133 third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/472363 third-party-advisory, x_refsource_CERT-VN
http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 x_refsource_CONFIRM
http://secunia.com/advisories/32116 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1021132 vdb-entry, x_refsource_SECTRACK
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view x_refsource_MISC
http://www.vupen.com/english/advisories/2008/2750 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2752 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/31529 vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/MAPG-7H2S68 x_refsource_CONFIRM
http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc vendor-advisory, x_refsource_FREEBSD
http://www.openbsd.org/errata43.html#006_ndp vendor-advisory, x_refsource_OPENBSD
http://secunia.com/advisories/32112 third-party-advisory, x_refsource_SECUNIA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc vendor-advisory, x_refsource_NETBSD
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/32117 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0633 vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:29.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32406",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32406"
          },
          {
            "name": "multiple-vendors-ndp-dos(45601)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3467"
          },
          {
            "name": "[4.2] 015: SECURITY FIX: October 2, 2008",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata42.html#015_ndp"
          },
          {
            "name": "ADV-2008-2751",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2751"
          },
          {
            "name": "1021109",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021109"
          },
          {
            "name": "1020968",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020968"
          },
          {
            "name": "32133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32133"
          },
          {
            "name": "VU#472363",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/472363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
          },
          {
            "name": "32116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32116"
          },
          {
            "name": "1021132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021132"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
          },
          {
            "name": "ADV-2008-2750",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2750"
          },
          {
            "name": "ADV-2008-2752",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2752"
          },
          {
            "name": "31529",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
          },
          {
            "name": "FreeBSD-SA-08:10",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
          },
          {
            "name": "[4.3] 006: SECURITY FIX: October 2, 2008",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENBSD",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata43.html#006_ndp"
          },
          {
            "name": "32112",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32112"
          },
          {
            "name": "NetBSD-SA2008-013",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
          },
          {
            "name": "oval:org.mitre.oval:def:5670",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
          },
          {
            "name": "32117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32117"
          },
          {
            "name": "ADV-2009-0633",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0633"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "32406",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32406"
        },
        {
          "name": "multiple-vendors-ndp-dos(45601)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3467"
        },
        {
          "name": "[4.2] 015: SECURITY FIX: October 2, 2008",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata42.html#015_ndp"
        },
        {
          "name": "ADV-2008-2751",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2751"
        },
        {
          "name": "1021109",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021109"
        },
        {
          "name": "1020968",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020968"
        },
        {
          "name": "32133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32133"
        },
        {
          "name": "VU#472363",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/472363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
        },
        {
          "name": "32116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32116"
        },
        {
          "name": "1021132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021132"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
        },
        {
          "name": "ADV-2008-2750",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2750"
        },
        {
          "name": "ADV-2008-2752",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2752"
        },
        {
          "name": "31529",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
        },
        {
          "name": "FreeBSD-SA-08:10",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
        },
        {
          "name": "[4.3] 006: SECURITY FIX: October 2, 2008",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENBSD"
          ],
          "url": "http://www.openbsd.org/errata43.html#006_ndp"
        },
        {
          "name": "32112",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32112"
        },
        {
          "name": "NetBSD-SA2008-013",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
        },
        {
          "name": "oval:org.mitre.oval:def:5670",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
        },
        {
          "name": "32117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32117"
        },
        {
          "name": "ADV-2009-0633",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0633"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2008-2476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32406",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32406"
            },
            {
              "name": "multiple-vendors-ndp-dos(45601)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
            },
            {
              "name": "http://support.apple.com/kb/HT3467",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3467"
            },
            {
              "name": "[4.2] 015: SECURITY FIX: October 2, 2008",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata42.html#015_ndp"
            },
            {
              "name": "ADV-2008-2751",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2751"
            },
            {
              "name": "1021109",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021109"
            },
            {
              "name": "1020968",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020968"
            },
            {
              "name": "32133",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32133"
            },
            {
              "name": "VU#472363",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/472363"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
            },
            {
              "name": "32116",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32116"
            },
            {
              "name": "1021132",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021132"
            },
            {
              "name": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view",
              "refsource": "MISC",
              "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
            },
            {
              "name": "ADV-2008-2750",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2750"
            },
            {
              "name": "ADV-2008-2752",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2752"
            },
            {
              "name": "31529",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31529"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
            },
            {
              "name": "FreeBSD-SA-08:10",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
            },
            {
              "name": "[4.3] 006: SECURITY FIX: October 2, 2008",
              "refsource": "OPENBSD",
              "url": "http://www.openbsd.org/errata43.html#006_ndp"
            },
            {
              "name": "32112",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32112"
            },
            {
              "name": "NetBSD-SA2008-013",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
            },
            {
              "name": "oval:org.mitre.oval:def:5670",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
            },
            {
              "name": "32117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32117"
            },
            {
              "name": "ADV-2009-0633",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0633"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2008-2476",
    "datePublished": "2008-10-03T15:00:00",
    "dateReserved": "2008-05-28T00:00:00",
    "dateUpdated": "2024-08-07T09:05:29.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2008-10-03 15:07
Modified
2025-04-09 00:30
Severity ?
Summary
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
References
cret@cert.orgftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
cret@cert.orghttp://secunia.com/advisories/32112Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/32116
cret@cert.orghttp://secunia.com/advisories/32117Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/32133
cret@cert.orghttp://secunia.com/advisories/32406
cret@cert.orghttp://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.ascVendor Advisory
cret@cert.orghttp://securitytracker.com/id?1020968
cret@cert.orghttp://support.apple.com/kb/HT3467
cret@cert.orghttp://www.kb.cert.org/vuls/id/472363US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MAPG-7H2RY7US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MAPG-7H2S68US Government Resource
cret@cert.orghttp://www.openbsd.org/errata42.html#015_ndp
cret@cert.orghttp://www.openbsd.org/errata43.html#006_ndp
cret@cert.orghttp://www.securityfocus.com/bid/31529
cret@cert.orghttp://www.securitytracker.com/id?1021109
cret@cert.orghttp://www.securitytracker.com/id?1021132
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2750
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2751
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2752
cret@cert.orghttp://www.vupen.com/english/advisories/2009/0633
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45601
cret@cert.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
cret@cert.orghttps://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32112Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32116
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32117Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32133
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32406
af854a3a-2127-422b-91ae-364da2661108http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020968
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3467
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/472363US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MAPG-7H2RY7US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MAPG-7H2S68US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/errata42.html#015_ndp
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/errata43.html#006_ndp
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31529
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021109
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021132
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2750
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2751
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2752
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0633
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45601
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670
af854a3a-2127-422b-91ae-364da2661108https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view
Impacted products
Vendor Product Version
force10 ftos *
freebsd freebsd 6.3
freebsd freebsd 7.1
juniper jnos *
netbsd netbsd *
openbsd openbsd 4.2
openbsd openbsd 4.3
windriver vxworks *
windriver vxworks 5
windriver vxworks 5.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:force10:ftos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4941A848-A02E-4234-82A3-076AABC94476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:jnos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD3413A-DD12-4C60-88F4-E2D6C1264319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55E4B92-88E0-41F0-AFA7-046A8D34A2CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF8DD37-A337-4E9D-A34E-C2D561A24285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12313A0-1EAF-4652-9AB1-799171CFFEA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFCBBA4F-BD05-4044-98A0-2825A413D299",
              "versionEndIncluding": "6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69B80D9-E6A6-4761-9EE3-3EF5E55EFA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3680A0-7B0C-4E91-97D7-B3F33EE1569A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de conectividad) o leer tr\u00e1fico de red privado a trav\u00e9s de mensajes falsos que modifica la Forward Information Base (FIB)."
    }
  ],
  "id": "CVE-2008-2476",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-03T15:07:10.727",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32112"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/32116"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32117"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/32133"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/32406"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
    },
    {
      "source": "cret@cert.org",
      "url": "http://securitytracker.com/id?1020968"
    },
    {
      "source": "cret@cert.org",
      "url": "http://support.apple.com/kb/HT3467"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/472363"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.openbsd.org/errata42.html#015_ndp"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.openbsd.org/errata43.html#006_ndp"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/31529"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1021109"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1021132"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/2750"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/2751"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2008/2752"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2009/0633"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
    },
    {
      "source": "cret@cert.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
    },
    {
      "source": "cret@cert.org",
      "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/472363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata42.html#015_ndp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openbsd.org/errata43.html#006_ndp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.",
      "lastModified": "2017-09-28T21:31:11.053",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}