Vulnerability Name:

CVE-2007-2242 (CCN-33851)

Assigned: 2007-04-17
Published: 2007-04-17
Updated: 2018-10-16
Summary: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: NetBSD-SA2007-005
IPv6 Type 0 Routing Header

Source: MITRE
Type: CNA
CVE-2007-2242

Source: CCN
Type: Mac OS X 10.4.10 Security Update
About the security content of the Mac OS X 10.4.10 Update

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305712

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306375

Source: CCN
Type: Apple Web site
About the security content of AirPort Extreme Base Station with 802.11n Firmware 7.2.1

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:006

Source: CCN
Type: OpenBSD 3.9 errata
022: SECURITY FIX: April 23, 2007

Source: OPENBSD
Type: UNKNOWN
[3.9] 20070423 022: SECURITY FIX: April 23, 2007

Source: CCN
Type: OpenBSD 4.0 errata
012: SECURITY FIX: April 23, 2007

Source: OPENBSD
Type: UNKNOWN
[4.0] 20070423 012: SECURITY FIX: April 23, 2007

Source: CCN
Type: RHSA-2007-0347
Important: kernel security and bug fix update

Source: CCN
Type: SA24978
OpenBSD IPv6 Type 0 Route Headers Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
24978

Source: CCN
Type: SA25033
FreeBSD IPv6 Type 0 Route Headers Denial of Service

Source: SECUNIA
Type: UNKNOWN
25033

Source: CCN
Type: SA25068
Linux Kernel IPv6 Type 0 Route Headers and RTA_MAX Denial of Service

Source: SECUNIA
Type: UNKNOWN
25068

Source: SECUNIA
Type: UNKNOWN
25083

Source: SECUNIA
Type: UNKNOWN
25288

Source: SECUNIA
Type: UNKNOWN
25691

Source: CCN
Type: SA25770
Apple Mac OS X IPv6 Type 0 Route Headers Denial of Service

Source: SECUNIA
Type: UNKNOWN
25770

Source: SECUNIA
Type: UNKNOWN
26133

Source: SECUNIA
Type: UNKNOWN
26620

Source: SECUNIA
Type: UNKNOWN
26651

Source: SECUNIA
Type: UNKNOWN
26664

Source: CCN
Type: SA26703
Apple AirPort Extreme Base Station IPv6 Type 0 Route Headers Denial of Service

Source: SECUNIA
Type: UNKNOWN
26703

Source: SECUNIA
Type: UNKNOWN
28806

Source: CCN
Type: FreeBSD-SA-07:03.ipv6
IPv6 Routing Header 0 is dangerous

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-07:03.ipv6

Source: CCN
Type: SECTRACK ID: 1017949
BSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service

Source: CCN
Type: US-CERT VU#267289
IPv6 Type 0 Route Headers allow sender to control routing

Source: CERT-VN
Type: US Government Resource
VU#267289

Source: CCN
Type: The Linux Kernel Archives
ChangeLog-2.6.21

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:171

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:196

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:216

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:051

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0347

Source: MISC
Type: UNKNOWN
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf

Source: BUGTRAQ
Type: UNKNOWN
20070508 FLEA-2007-0016-1: kernel

Source: BUGTRAQ
Type: UNKNOWN
20070615 rPSA-2007-0124-1 kernel xen

Source: BID
Type: Patch
23615

Source: CCN
Type: BID-23615
IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017949

Source: CCN
Type: USN-486-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-486-1

Source: CCN
Type: USN-508-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-508-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-1563

Source: VUPEN
Type: UNKNOWN
ADV-2007-2270

Source: VUPEN
Type: UNKNOWN
ADV-2007-3050

Source: XF
Type: UNKNOWN
ipv6-type0-dos(33851)

Source: XF
Type: UNKNOWN
openbsd-ipv6-type0-dos(33851)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1310

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9574

Source: SUSE
Type: SUSE-SA:2007:051
Linux kernel security update

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ietf:ipv6:*:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:netbsd:netbsd:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.1:rc3:*:*:*:*:*:*
  • AND
  • cpe:/a:ietf:ipv6:*:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:freebsd:freebsd:6.2:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*
  • AND
  • cpe:/a:ietf:ipv6:*:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ietf:ipv6:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:netbsd:netbsd:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20072242 | V | CVE-2007-2242 | 2015-11-16 |
| oval:org.mitre.oval:def:17035 | P | USN-508-1 -- linux-source-2.6.15 vulnerabilities | 2014-06-30 |
| oval:org.mitre.oval:def:22576 | P | ELSA-2007:0347: kernel security and bug fix update (Important) | 2014-05-26 |
| oval:org.mitre.oval:def:9574 | V | The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | 2013-04-29 |
| oval:com.redhat.rhsa:def:20070347 | P | RHSA-2007:0347: kernel security and bug fix update (Important) | 2007-05-16 |