Vulnerability Bulletins |
Denegación de servicio en IPv6 |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Denegación de Servicio |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | IPv6 |
Description |
|
Se ha descubierto una vulnerabilidad en la implementación del protocolo IPv6. La vulnerabilidad reside en un error cuando maneja ciertas cabeceras. Un atacante remoto podría causar una denegación de servicio mediante una cabecera IPv6 de enrutamiento (IPV6_RTHDR_TYPE_0). |
|
Solution |
|
Actualización de software OpenBSD OpenBSD 3.9 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/022_route6.patch OpenBSD 4.0 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch FreeBSD FreeBSD 5.5, 6.1, 6.2 fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc Red Hat (RHSA-2007:0347-2) RHEL Desktop Workstation (v. 5 client) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) https://rhn.redhat.com/ Apple Mac OS X 10.4.10 (PPC) http://www.apple.com/support/downloads/macosx10410updateppc.html Mac OS X 10.4.10 Combo (PPC) http://www.apple.com/support/downloads/macosx10410comboupdateppc.html Mac OS X 10.4.10 (Intel) http://www.apple.com/support/downloads/macosx10410updateintel.html Mac OS X 10.4.10 Combo (Intel) http://www.apple.com/support/downloads/macosx10410comboupdateintel.html Mac OS X Server 10.4.10 (PPC) http://www.apple.com/support/downloads/macosxserver10410updateppc.html Mac OS X Server 10.4.10 Combo (PPC) http://www.apple.com/support/downloads/macosxserver10410comboupdateppc.html Mac OS X Server 10.4.10 Combo (Universal) http://www.apple.com/support/downloads/macosxserver10410comboupdateuniversal.html Mandriva (MDKSA-2007:171) Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.0.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-doc-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-enterprise-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-enterprise-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-legacy-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-legacy-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-source-stripped-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xen0-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/kernel-xenU-latest-2.6.17-15mdv.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-doc-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-doc-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-stripped-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-source-stripped-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xen0-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xen0-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xenU-2.6.17.15mdv-1-1mdv2007.1.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/kernel-xenU-latest-2.6.17-15mdv.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/kernel-2.6.17.15mdv-1-1mdv2007.1.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. NetBSD (NetBSD-SA2007-005) NetBSD-current / Update 2007-04-23 netBSD 4.0 / Update 2007-04-28 NetBSD 3.x / Update 2007-04-27 NetBSD 2.x / Update 2007-06-05 http://www.NetBSD.org/guide/en/chap-kernel.html Mandriva (MDKSA-2007:216) Corporate Server 3.0 X86 corporate/3.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-BOOT-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-doc-2.6.3-37mdk.i586.rpm corporate/3.0/i586/kernel-enterprise-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm corporate/3.0/i586/kernel-source-2.6.3-37mdk.i586.rpm corporate/3.0/i586/kernel-source-stripped-2.6.3-37mdk.i586.rpm corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm X86_64 corporate/3.0/x86_64/kernel-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-BOOT-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-doc-2.6.3-37mdk.x86_64.rpm corporate/3.0/x86_64/kernel-secure-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-smp-2.6.3.37mdk-1-1mdk.x86_64.rpm corporate/3.0/x86_64/kernel-source-2.6.3-37mdk.x86_64.rpm corporate/3.0/x86_64/kernel-source-stripped-2.6.3-37mdk.x86_64.rpm corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm Multi Network Firewall 2.0 X86 mnf/2.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm mnf/2.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm |
|
Standar resources |
|
Property | Value |
CVE | CVE-2007-2242 |
BID | 23615 |
Other resources |
|
OpenBSD Security Advisory April 23, 2007 http://www.openbsd.org/security.html FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl) http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc Red Hat Security Advisory (RHSA-2007:0347-2) https://rhn.redhat.com/errata/RHSA-2007-0347.html Apple Security Update (305712) http://docs.info.apple.com/article.html?artnum=305712 Mandriva Security Advisory (MDKSA-2007:171) http://www.mandriva.com/security/advisories?name=MDKSA-2007:171 SUSE Security Advisory (SUSE-SA:2007:051) http://www.novell.com/linux/security/advisories/2007_51_kernel.html NetBSD Security Advisory (NetBSD-SA2007-005) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-005.txt.asc Mandriva Security Advisory (MDKSA-2007:216) http://www.mandriva.com/security/advisories?name=MDKSA-2007:216 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2007-04-30 |
1.1 | Aviso emitido por FreeBSD (FreeBSD-SA-07:03.ipv6) | 2007-05-16 |
1.2 | Aviso emitido por Red Hat (RHSA-2007:0347-2) | 2007-05-17 |
1.3 | Aviso emitido por Apple (305712) | 2007-06-21 |
1.4 | Aviso emitido por Mandriva (MDKSA-2007:171) | 2007-08-29 |
1.5 | Aviso emitido por Suse (SUSE-SA:2007:051) | 2007-09-07 |
1.6 | Aviso emitido por NetBSD (NetBSD-SA2007-005) | 2007-09-14 |
1.7 | Aviso emitido por Mandriva (MDKSA-2007:216) | 2007-11-15 |