Published:2009/10/26  Last Updated:2014/10/27

JVN#75368899
Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks

Overview

Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.

Products Affected

Products that implement IPv6 may be affected by this vulnerability.

For more information, refer to the vendor's website.

Description

Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerablility.

Impact

Reception of a large number of packets from a malicious third party that is on the same link within the network may lead to a denial of service.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
FUJITSU LIMITED Not Vulnerable 2014/10/27
FURUKAWA ELECTRIC CO., LTD. Vulnerable 2009/10/26
Hitachi Not Vulnerable, investigating 2009/10/27
Internet Initiative Japan Inc. Vulnerable 2009/10/27
Microsoft Japan Co.,Ltd. Vulnerable 2013/03/04 Microsoft Japan Co.,Ltd. website
NEC Corporation Vulnerable 2009/12/21
TOSHIBA TEC CORPORATION Not Vulnerable 2009/10/26
Yamaha Corporation Vulnerable 2009/10/27
Vendor Link
Apple About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 (CVE-2009-2189)

References

  1. RFC4942
    IPv6 Transition/Coexistence Security Considerations
  2. RFC3971
    SEcure Neighbor Discovery (SEND)
  3. RFC3972
    Cryptographically Generated Addresses (CGA)
  4. RFC4861
    Neighbor Discovery for IP version 6 (IPv6)
  5. RFC4862
    IPv6 Stateless Address Autoconfiguration
  6. RFC3756
    IPv6 Neighbor Discovery (ND) Trust Models and Threats
  7. RFC4890
    Recommendations for Filtering ICMPv6 Messages in Firewalls

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2009.10.26

Measures Conditions Severity
Access Required must be attacked from a local segment, such as Ethernet, Bluetooth, and 802.11 attacks
  • Mid-High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures

Credit

Akira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.

The reporters would also like to thank the following for the analysis of the vulnerability:
Shinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2009-000068

Update History

2009/10/27
Information under the section "Vendor Status" has been updated.
2012/05/15
Information under the section "Vendor Status" has been updated.
2013/03/04
Microsoft Japan Co.,Ltd. update status
2014/10/27
FUJITSU LIMITED update status