search menu icon-carat-right cmu-wordmark

CERT Coordination Center

IPv6 Type 0 Route Headers allow sender to control routing

Vulnerability Note VU#267289

Original Release Date: 2007-06-13 | Last Revised: 2011-07-22

Overview

IPv6 Type 0 Route Headers allow the sender to control packet routing. This vulnerability may allow an attacker to cause a denial-of-service condition.

Description

Routing header options provided by IPv6 allow packet senders to indicate specific nodes through which the packet should travel. Note that a node is defined as any device that implements IPv6, which includes hosts as well as routing devices. According to FreeBSD-SA-07:03.ipv6:

An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts.

An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.

Impact

This condition can facilitate a number of different impacts including packet amplification, bypassing filtering devices, denial of service, and defeating IPv6 Anycast.

Solution

Update

See the systems affected portion of this document for information about updates for specific vendors.

Vendor Information

267289
 
Affected   Unknown   Unaffected

Apple Computer, Inc.

Notified:  May 09, 2007 Updated:  June 21, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to Apple Mac OS X 10.4.10 Update.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cisco Systems, Inc.

Notified:  May 09, 2007 Updated:  May 15, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD, Inc.

Updated:  May 14, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to FreeBSD-SA-07:03.ipv6.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  May 09, 2007 Updated:  June 15, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://software.fujitsu.com/jp/security/vulnerabilities/vu267289.html.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  May 09, 2007 Updated:  May 14, 2007

Status

  Vulnerable

Vendor Statement

AlaxalA AX series (except AX1200S/AX2400S series) and Hitachi GR4000/GR2000/GS4000/GS3000 are vulnerable to this issue. Note that AlaxalA AX series (except AX1200S/AX2400S series) and Hitachi GR4000/GR2000/GS4000/GS3000 have a threshold mechanism to ignore IPv6 Routing Header Type 0. This mechanism limits the impact of possible attacks.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Initiative Japan

Updated:  May 14, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://www.seil.jp/en/news/snote/snote_200705_01_en.html

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  May 09, 2007 Updated:  June 15, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://www.nec.co.jp/psirt/index.html (Japanese only).

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Updated:  May 14, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to http://openbsd.org/errata40.html#012_route6.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Updated:  May 17, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to RHSA-2007-0347.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Secure Computing Network Security Division

Notified:  May 09, 2007 Updated:  June 15, 2007

Status

  Vulnerable

Vendor Statement

Sidewinder G2, Sidewinder 7, and TSP: Not Vulnerable

By default, Sidewinder ignores routing header 0, and strips it from datagrams
passing through the firewall.

TSP drops IPv6 datagrams containing routing headers.


SnapGear: Vulnerable

SnapGear products at version 3.1.5 and earlier honor IPv6 routing header 0.
This will be corrected in an upcoming release.

This vulnerability is not relevant to any other Secure Computing products.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  May 09, 2007 Updated:  May 17, 2007

Statement Date:   May 16, 2007

Status

  Vulnerable

Vendor Statement

Sun can confirm that while Solaris has support for the IPv6 Routing Header type 0 that is described in VU#267289, packets containing this header extension are discarded by default on Solaris 9 and 10, and Solaris 8 can be configured to discard them by setting a kernel driver parameter.

For Solaris systems, this setting is controlled by the ip6_forward_src_routed kernel driver parameter, which defaults to 1 on Solaris 8 systems, and 0 on later systems. The 'ndd(1M)' command can be used to set this variable, for example to set it for the current session the command could be used as follows:

# ndd -set /dev/ip ip6_forward_src_routed 0

More details are available from the following blog post:

http://blogs.sun.com/security/entry/ipv6_routing_header_issues

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

rPath

Updated:  June 21, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to rPSA-2007-0124-1.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Force10 Networks, Inc.

Notified:  May 09, 2007 Updated:  July 22, 2011

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Novell, Inc.

Notified:  May 09, 2007 Updated:  May 17, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

3com, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avici Systems, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Borderware Technologies

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Charlotte's Web Networks

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Chiaro Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Clavister

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Computer Associates

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cray Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Data Connection, Ltd.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett-Packard Company

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hyperchip

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM eServer

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IP Filter

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Security Systems, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys (A division of Cisco Systems)

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lucent Technologies

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Luminous Networks

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Corporation

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multinet (owned Process Software Corporation)

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multitech, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Network Appliance, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NextHop Technologies, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Redback Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverstone Networks, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secureworx, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

The SCO Group

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc.

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netfilter

Notified:  May 09, 2007 Updated:  May 09, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 73 vendors View less vendors


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This vulnerability was reported by Philippe Biondi Arnaud Ebalard of EADS Innovation Works — IW/SE/CS, IT Sec lab, Suresnes, France at CanSecWest 2007

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2007-2242
Severity Metric: 11.03
Date Public: 2007-04-24
Date First Published: 2007-06-13
Date Last Updated: 2011-07-22 12:54 UTC
Document Revision: 38

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.