jvndb-2009-000068
Vulnerability from jvndb
Published
2009-10-26 15:58
Modified
2010-01-25 12:02
Summary
Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks
Details
Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.
Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility.
For more information, refer to the vendor's website.
Akira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.
The reporters would also like to thank the following for the analysis of the vulnerability:
Shinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN75368899/index.html | |
| IETF | http://www.ietf.org/rfc/rfc4942.txt | |
| IETF | http://www.ietf.org/rfc/rfc3971.txt | |
| IETF | http://www.ietf.org/rfc/rfc3972.txt | |
| IETF | http://www.ietf.org/rfc/rfc4861.txt | |
| IETF | http://www.ietf.org/rfc/rfc4862.txt | |
| IETF | http://www.ietf.org/rfc/rfc3756.txt | |
| IETF | http://www.ietf.org/rfc/rfc4890.txt | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html",
"dc:date": "2010-01-25T12:02+09:00",
"dcterms:issued": "2009-10-26T15:58+09:00",
"dcterms:modified": "2010-01-25T12:02+09:00",
"description": "Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.\r\n\r\nImplementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility.\r\n\r\nFor more information, refer to the vendor\u0027s website.\r\n\r\nAkira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.\r\n\r\nThe reporters would also like to thank the following for the analysis of the vulnerability:\r\nShinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000068.html",
"sec:cpe": [
{
"#text": "cpe:/h:furukawa_electric:fitelnet-f",
"@product": "FITELnet-F Series",
"@vendor": "THE FURUKAWA ELECTRIC CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:ip38x",
"@product": "IP38X SERIES",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt105",
"@product": "RT105 Series",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt107e",
"@product": "RT107e",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt140",
"@product": "RT140 Series",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt250i",
"@product": "RT250i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt300i",
"@product": "RT300i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt56v",
"@product": "RT56v",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rt60w",
"@product": "RT60w",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rta54i",
"@product": "RTA54i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rta55i",
"@product": "RTA55i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtv700",
"@product": "RTV700",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtw65b",
"@product": "RTW65b",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtw65i",
"@product": "RTW65i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx1000",
"@product": "RTX1000",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx1100",
"@product": "RTX1100",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx1500",
"@product": "RTX1500",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx2000",
"@product": "RTX2000",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:rtx3000",
"@product": "RTX3000",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:yamaha:srt100",
"@product": "SRT100",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rt57i_firmware",
"@product": "RT57i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:yamaha:rt58i_firmware",
"@product": "RT58i",
"@vendor": "Yamaha Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000068",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75368899/index.html",
"@id": "JVN#75368899",
"@source": "JVN"
},
{
"#text": "http://www.ietf.org/rfc/rfc4942.txt",
"@id": "RFC4942",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc3971.txt",
"@id": "RFC3971",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc3972.txt",
"@id": "RFC3972",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc4861.txt",
"@id": "RFC4861",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc4862.txt",
"@id": "RFC4862",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc3756.txt",
"@id": "RFC3756",
"@source": "IETF"
},
{
"#text": "http://www.ietf.org/rfc/rfc4890.txt",
"@id": "RFC4890",
"@source": "IETF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.