Boletines de Vulnerabilidades |
Denegación de servicio en IPv6 |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Denegación de Servicio |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado | IPv6 |
Descripción |
|
Se ha descubierto una vulnerabilidad en la implementación del protocolo IPv6. La vulnerabilidad reside en un error cuando maneja ciertas cabeceras. Un atacante remoto podría causar una denegación de servicio mediante una cabecera IPv6 de enrutamiento (IPV6_RTHDR_TYPE_0). |
|
Solución |
|
Actualización de software OpenBSD OpenBSD 3.9 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/022_route6.patch OpenBSD 4.0 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch FreeBSD FreeBSD 5.5, 6.1, 6.2 fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc Red Hat (RHSA-2007:0347-2) RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) https://rhn.redhat.com/ Apple Mac OS X 10.4.10 (PPC) http://www.apple.com/support/downloads/macosx10410updateppc.html Mac OS X 10.4.10 Combo (PPC) http://www.apple.com/support/downloads/macosx10410comboupdateppc.html Mac OS X 10.4.10 (Intel) http://www.apple.com/support/downloads/macosx10410updateintel.html Mac OS X 10.4.10 Combo (Intel) http://www.apple.com/support/downloads/macosx10410comboupdateintel.html Mac OS X Server 10.4.10 (PPC) http://www.apple.com/support/downloads/macosxserver10410updateppc.html Mac OS X Server 10.4.10 Combo (PPC) http://www.apple.com/support/downloads/macosxserver10410comboupdateppc.html Mac OS X Server 10.4.10 Combo (Universal) http://www.apple.com/support/downloads/macosxserver10410comboupdateuniversal.html Mandriva (MDKSA-2007:171) Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-doc-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-enterprise-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-legacy-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-stripped-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xen0-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xenU-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-doc-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-stripped-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xen0-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xenU-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. NetBSD (NetBSD-SA2007-005) NetBSD-current / Update 2007-04-23 netBSD 4.0 / Update 2007-04-28 NetBSD 3.x / Update 2007-04-27 NetBSD 2.x / Update 2007-06-05 http://www.NetBSD.org/guide/en/chap-kernel.html Mandriva (MDKSA-2007:216) Corporate Server 3.0 X86 corporate/3.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-BOOT-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-doc-2.6.3-37mdk.i586.rpm corporate/3.0/i586/kernel-enterprise-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-source-2.6.3-37mdk.i586.rpm corporate/3.0/i586/kernel-source-stripped-2.6.3-37mdk.i586.rpm corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm X86_64 corporate/3.0/x86_64/kernel-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-BOOT-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-doc-2.6.3-37mdk.x86_64.rpm corporate/3.0/x86_64/kernel-secure-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-smp-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-source-2.6.3-37mdk.x86_64.rpm corporate/3.0/x86_64/kernel-source-stripped-2.6.3-37mdk.x86_64.rpm corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm Multi Network Firewall 2.0 X86 mnf/2.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CVE-2007-2242 |
BID | 23615 |
Recursos adicionales |
|
OpenBSD Security Advisory April 23, 2007 http://www.openbsd.org/security.html FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl) http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc Red Hat Security Advisory (RHSA-2007:0347-2) https://rhn.redhat.com/errata/RHSA-2007-0347.html Apple Security Update (305712) http://docs.info.apple.com/article.html?artnum=305712 Mandriva Security Advisory (MDKSA-2007:171) http://www.mandriva.com/security/advisories?name=MDKSA-2007:171 SUSE Security Advisory (SUSE-SA:2007:051) http://www.novell.com/linux/security/advisories/2007_51_kernel.html NetBSD Security Advisory (NetBSD-SA2007-005) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-005.txt.asc Mandriva Security Advisory (MDKSA-2007:216) http://www.mandriva.com/security/advisories?name=MDKSA-2007:216 |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2007-04-30 |
1.1 | Aviso emitido por FreeBSD (FreeBSD-SA-07:03.ipv6) | 2007-05-16 |
1.2 | Aviso emitido por Red Hat (RHSA-2007:0347-2) | 2007-05-17 |
1.3 | Aviso emitido por Apple (305712) | 2007-06-21 |
1.4 | Aviso emitido por Mandriva (MDKSA-2007:171) | 2007-08-29 |
1.5 | Aviso emitido por Suse (SUSE-SA:2007:051) | 2007-09-07 |
1.6 | Aviso emitido por NetBSD (NetBSD-SA2007-005) | 2007-09-14 |
1.7 | Aviso emitido por Mandriva (MDKSA-2007:216) | 2007-11-15 |