diff options
| author | Remko Lodder <remko@FreeBSD.org> | 2007-04-28 18:34:30 +0000 |
|---|---|---|
| committer | Remko Lodder <remko@FreeBSD.org> | 2007-04-28 18:34:30 +0000 |
| commit | 507f8c52089e4adc2b9f9d59e7a017dfac50e428 (patch) | |
| tree | bdbc2be4eac0a9b267f522d37684238989eb6d26 /security | |
| parent | db7dfc1ba3a1a8eac28673fd6181a374a4d26c21 (diff) | |
Document FreeBSD -- IPv6 Routing Header 0 is dangerous
Notes
Notes:
svn path=/head/; revision=191074
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 42b4885ea531..758ce0bb7d29 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,50 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="275b845e-f56c-11db-8163-000e0c2e438a"> + <topic>FreeBSD -- IPv6 Routing Header 0 is dangerous</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><gt>6.2</gt><lt>6.2_4</lt></range> + <range><gt>6.1</gt><lt>6.1_16</lt></range> + <range><gt>5.5</gt><lt>5.5_12</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>There is no mechanism for preventing IPv6 routing headers + from being used to route packets over the same link(s) many + times.</p> + <h1>Impact</h1> + <p>An attacker can "amplify" a denial of service attack against + a link between two vulnerable hosts; that is, by sending a + small volume of traffic the attacker can consume a much larger + amount of bandwidth between the two vulnerable hosts.</p> + <p>An attacker can use vulnerable hosts to "concentrate" a + denial of service attack against a victim host or network; + that is, a set of packets sent over a period of 30 seconds + or more could be constructed such that they all arrive at + the victim within a period of 1 second or less over a + period of 30 seconds or more could be constructed such that + they all arrive at the victim within a period of 1 second or + less.</p> + <p>Other attacks may also be possible.</p> + <h1>Workaround</h1> + <p>No workaround is available.</p> + </body> + </description> + <references> + <cvename>CVE-2007-2242</cvename> + <freebsdsa>SA-07:03.ipv6</freebsdsa> + </references> + <dates> + <discovery>2007-04-26</discovery> + <entry>2007-04-28</entry> + </dates> + </vuln> + <vuln vid="ef2ffb03-f2b0-11db-ad25-0010b5a0a860"> <topic>mod_perl -- remote DoS in PATH_INFO parsing</topic> <affects> |