Vulnerability Note VU#267289
IPv6 Type 0 Route Headers allow sender to control routing
Overview
IPv6 Type 0 Routing Headers (RH0) allow the sender of a packet to dictate the route the packet takes through the network. This vulnerability may allow a remote attacker to cause a denial-of-service condition.
Description
The IPv6 Routing extension header lets a packet's sender list specific nodes through which the packet should travel on its way to its final destination; each listed node rewrites the destination address and forwards the packet on to the next entry. Note that a node is defined as any device that implements IPv6, which includes hosts as well as routing devices, so an RH0 packet can be bounced between two ordinary hosts. According to FreeBSD-SA-07:03.ipv6: An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts.
Impact
This condition can facilitate a number of different impacts, including packet amplification, bypassing filtering devices (the packet's initial destination need not be its final one), denial of service, and defeating IPv6 Anycast.
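To make the mechanism in the Description and the amplification in the Impact section concrete, here is an added example (not code from the advisory, the reporters, or any vendor) in Python: it builds and parses a Type 0 Routing Header as laid out in RFC 2460 section 4.4, simulates the per-node swap-and-forward processing so the ping-pong path between two hosts can be counted, and ends with the filter check a host or perimeter device would use to drop packets carrying an RH0 that still has segments left. The addresses are constructed documentation-prefix (2001:db8::/32) values and all function names are this example's own.

```python
import ipaddress
import struct

IPPROTO_ROUTING = 43      # Next Header value identifying a Routing extension header
IPPROTO_ICMPV6 = 58
RH_TYPE_0 = 0


def build_rh0(addresses, next_header=IPPROTO_ICMPV6, segments_left=None):
    """Serialize a Type 0 Routing Header (RFC 2460 s4.4): 8 fixed octets followed by
    16 octets per address. Hdr Ext Len counts 8-octet units after the first 8, so it is 2*n."""
    packed = [ipaddress.IPv6Address(a).packed for a in addresses]
    n = len(packed)
    if not 1 <= n <= 127:                 # Hdr Ext Len is one octet, so 2*n <= 255
        raise ValueError("RH0 carries 1..127 addresses")
    if segments_left is None:
        segments_left = n                 # every listed node still to be visited
    if not 0 <= segments_left <= n:
        raise ValueError("Segments Left exceeds the address count")
    fixed = struct.pack("!BBBBI", next_header, 2 * n, RH_TYPE_0, segments_left, 0)
    return fixed + b"".join(packed)


def parse_routing_header(data):
    """Parse the fixed part of any Routing Header and, for type 0, its address vector.
    The ValueErrors are the cases where RFC 2460 has the receiving node discard the packet."""
    if len(data) < 8:
        raise ValueError("truncated routing header")
    nh, hdr_ext_len, rtype, segs_left, _reserved = struct.unpack("!BBBBI", data[:8])
    total = 8 + 8 * hdr_ext_len
    if len(data) < total:
        raise ValueError("routing header runs past the end of the packet")
    rh = {"next_header": nh, "routing_type": rtype, "segments_left": segs_left,
          "length": total, "addresses": []}
    if rtype == RH_TYPE_0:
        if hdr_ext_len % 2:
            raise ValueError("RH0 Hdr Ext Len must be even")
        n = hdr_ext_len // 2
        if segs_left > n:
            raise ValueError("Segments Left greater than the number of addresses")
        rh["addresses"] = [str(ipaddress.IPv6Address(data[8 + 16 * k:24 + 16 * k]))
                           for k in range(n)]
    return rh


def rh0_forwarding_step(dst, rh):
    """What a node does with an RH0 packet addressed to it (RFC 2460 s4.4): decrement
    Segments Left, take Address[i] with i = n - Segments Left (1-based), and swap it with
    the destination address. Returns (new destination, updated header)."""
    n = len(rh["addresses"])
    if rh["segments_left"] == 0:
        return dst, rh                    # final destination reached; process next header
    segs = rh["segments_left"] - 1
    i = n - segs
    next_hop = rh["addresses"][i - 1]
    if ipaddress.IPv6Address(next_hop).is_multicast or ipaddress.IPv6Address(dst).is_multicast:
        raise ValueError("multicast address in RH0 processing: discard")
    addrs = list(rh["addresses"])
    addrs[i - 1] = dst                    # the swap leaves the visited node in the vector
    return next_hop, {**rh, "segments_left": segs, "addresses": addrs}


def simulate_path(first_dst, rh_bytes):
    """Follow the packet from node to node; returns the ordered destinations visited."""
    rh = parse_routing_header(rh_bytes)
    dst = str(ipaddress.IPv6Address(first_dst))
    path = [dst]
    while rh["segments_left"] > 0:
        dst, rh = rh0_forwarding_step(dst, rh)
        path.append(dst)
    return path


def link_traversals(path, a, b):
    """Number of hops in `path` that run directly between hosts a and b."""
    ends = {str(ipaddress.IPv6Address(a)), str(ipaddress.IPv6Address(b))}
    return sum(1 for x, y in zip(path, path[1:]) if {x, y} == ends)


def amplification_demo(a, b, n_addresses):
    """The FreeBSD-SA-07:03 scenario: one packet sent to a whose vector alternates
    b, a, b, a, ... crosses the a-b link once per listed address."""
    vector = [b if k % 2 == 0 else a for k in range(n_addresses)]
    return link_traversals(simulate_path(a, build_rh0(vector)), a, b)


def build_ipv6(src, dst, next_header, payload, hop_limit=64):
    """Minimal IPv6 fixed header in front of `payload` (constructed test input only)."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def should_drop_rh0(pkt):
    """Filter check for a host or perimeter device: walk the extension-header chain and
    return True if an RH0 with segments still to visit (or a malformed one) is present.
    Handles Hop-by-Hop (0), Routing (43), Fragment (44) and Destination Options (60)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return False
    nh, off = pkt[6], 40
    while nh in (0, 43, 44, 60):
        if len(pkt) < off + 8:
            return False                  # truncated chain; leave it to the normal stack
        ext_len = 8 if nh == 44 else 8 + 8 * pkt[off + 1]
        if nh == IPPROTO_ROUTING:
            try:
                rh = parse_routing_header(pkt[off:])
            except ValueError:
                return True
            if rh["routing_type"] == RH_TYPE_0 and rh["segments_left"] > 0:
                return True
        nh, off = pkt[off], off + ext_len
    return False
```

The amplification factor equals the number of addresses in the vector: a single packet sent to host a whose vector alternates b, a, b, a, ... crosses the a-b link up to 127 times, the most the one-octet Hdr Ext Len field allows, which is the "small volume of traffic" consuming "a much larger amount of bandwidth" that the FreeBSD advisory describes. Dropping any packet whose RH0 has Segments Left greater than zero is the usual mitigation; RFC 5095 (December 2007) later deprecated Type 0 routing headers entirely.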
Solution
Update: apply the fixes referenced in the Systems Affected section below. Until updates are applied, drop or ignore packets carrying a Type 0 routing header with Segments Left greater than zero at hosts and perimeter filters.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 09 May 2007 | 21 Jun 2007 |
| Cisco Systems, Inc. | Affected | 09 May 2007 | 15 May 2007 |
| FreeBSD, Inc. | Affected | - | 14 May 2007 |
| Fujitsu | Affected | 09 May 2007 | 15 Jun 2007 |
| Hitachi | Affected | 09 May 2007 | 14 May 2007 |
| Internet Initiative Japan | Affected | - | 14 May 2007 |
| NEC Corporation | Affected | 09 May 2007 | 15 Jun 2007 |
| OpenBSD | Affected | - | 14 May 2007 |
| Red Hat, Inc. | Affected | - | 17 May 2007 |
| rPath | Affected | - | 21 Jun 2007 |
| Secure Computing Network Security Division | Affected | 09 May 2007 | 15 Jun 2007 |
| Sun Microsystems, Inc. | Affected | 09 May 2007 | 17 May 2007 |
| Force10 Networks, Inc. | Not Affected | 09 May 2007 | 22 Jul 2011 |
| Novell, Inc. | Not Affected | 09 May 2007 | 17 May 2007 |
| 3com, Inc. | Unknown | 09 May 2007 | 09 May 2007 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://secunia.com/advisories/24978/
- http://openbsd.org/errata40.html#012_route6
- http://secunia.com/advisories/25033/
- http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
- http://secunia.com/advisories/25068/
- http://www.ietf.org/rfc/rfc2460.txt
- http://docs.info.apple.com/article.html?artnum=305712
- http://secunia.com/advisories/25770/
- http://secunia.com/advisories/26703/
Credit
This vulnerability was reported by Philippe Biondi and Arnaud Ebalard of EADS Innovation Works — IW/SE/CS, IT Sec lab, Suresnes, France at CanSecWest 2007.
This document was written by Chris Taschner.
Other Information
- CVE IDs: CVE-2007-2242
- Date Public: 24 Apr 2007
- Date First Published: 13 Jun 2007
- Date Last Updated: 22 Jul 2011
- Severity Metric: 11.03
- Document Revision: 38