Vulnerability Name:

CVE-2008-4404 (CCN-45601)

Assigned:2008-10-02
Published:2008-10-02
Updated:2008-10-03
Summary:The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: NetBSD Security Advisory 2008-013
IPv6 Neighbor Discovery Protocol

Source: MITRE
Type: CNA
CVE-2008-2476

Source: MITRE
Type: CNA
CVE-2008-4404

Source: MITRE
Type: CNA
CVE-2009-0418

Source: CCN
Type: HP Security Bulletin HPSBUX02407 SSRT080107 rev.1
HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access

Source: CCN
Type: SA32112
FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Source: CCN
Type: SA32116
Juniper Products Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Source: CCN
Type: SA32117
Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Vulnerability

Source: CCN
Type: SA32133
OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Source: CCN
Type: SA32406
NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Source: CCN
Type: SA33787
HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Source: CCN
Type: SA34105
Apple Airport Extreme / Time Capsule Multiple Vulnerabilities

Source: CCN
Type: FreeBSD-SA-08:10.nd6
IPv6 Neighbor Discovery Protocol routing vulnerability

Source: CCN
Type: SECTRACK ID: 1020968
FreeBSD IPv6 Neighbor Discovery Protocol Spoofing Bug Lets Remote Users Modify Routing Data in Certain Cases

Source: CCN
Type: SECTRACK ID: 1021109
NetBSD IPv6 Neighbor Discovery Protocol Spoofing Bug Lets Remote Users Modify Routing Data in Certain Cases

Source: CCN
Type: SECTRACK ID: 1021132
OpenBSD IPv6 Neighbor Discovery Protocol Spoofing Bug Lets Remote Users Modify Routing Data in Certain Cases

Source: CCN
Type: SECTRACK ID: 1021660
HP-UX IPv6 Neighbor Discovery Protocol Spoofing Bug Lets Remote Users Modify Routing Data in Certain Cases

Source: CCN
Type: Apple Web site
About the security content of Time Capsule and AirPort Base Station (802.11n*) Firmware 7.4.1

Source: CCN
Type: ASA-2009-059
HP-UX Running IPv6 Remote Denial of Service (DoS) and Unauthorized Access (HPSBUX02407)

Source: CCN
Type: Wind River Web site
Wind River Support

Source: CCN
Type: Force10 Networks Web site
Force10 Networks

Source: CCN
Type: FreeBSD Web site
The FreeBSD Project

Source: CCN
Type: US-CERT VU#472363
IPv6 implementations insecurely update Forwarding Information Base

Source: CERT-VN
Type: US Government Resource
VU#472363

Source: CCN
Type: US-CERT Advisory, 2008-09-30
Force10 Networks, Inc. Information for VU#472363

Source: MISC
Type: US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7H2RZ8

Source: CCN
Type: OSVDB ID: 48702
FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 48744
OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 48745
Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 48989
Juniper Multiple Products IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 48991
IBM zSeries IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 49407
NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 51771
HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: OSVDB ID: 52494
Apple Multiple Products IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing

Source: CCN
Type: BID-31529
Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing Vulnerability

Source: CCN
Type: BID-33560
Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
multiple-vendor-ndp-dos(45601)

Source: CCN
Type: Juniper Networks Web site
Juniper Networks :: Login

Vulnerable Configuration:Configuration 1:
  • cpe:/o:ibm:zseries:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.0:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.3:-:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:7.0:-:*:*:*:*:*:*
  • OR cpe:/o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:apple_airport_extreme_base_station:::7.3.1_firmware:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:6.4:-:*:*:*:*:*:*
  • OR cpe:/o:force10:ftos:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:zseries:*:*:*:*:*:*:*:*
  • OR cpe:/o:juniper:jnos:*:*:*:*:*:*:*:*
  • OR cpe:/h:apple:airport_express_base_station_firmware:3.84:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm zseries *
    hp hp-ux b.11.11
    hp hp-ux b.11.23
    freebsd freebsd 6.0 -
    netbsd netbsd 3.0
    netbsd netbsd 3.1
    hp hp-ux b.11.31
    freebsd freebsd 6.3 -
    freebsd freebsd 7.0 -
    netbsd netbsd 4.0
    apple apple airport extreme base station
    freebsd freebsd 6.4 -
    force10 ftos *
    ibm zseries *
    juniper jnos *
    apple airport express base station firmware 3.84