JVNDB-2009-000068

Implementations of IPv6 may be vulnerable to denial of service (DoS) attacks

Overview

Implementations of Internet Protocol version 6 (IPv6) may be vulnerable to denial of service (DoS) attacks.

Implementations of IPv6 contain an issue in the processing of packets related to the Neighbor Discovery Protocol (RFC4861), which may lead to a denial of service vulnerability.

For more information, refer to the vendor's website.

Akira Kanai of INTERNET MULTIFEED CO., Shin Shirahata and Rodney Van Meter of Keio University and Tatuya Jinmei of Internet Systems Consortium, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developers under Information Security Early Warning Partnership.

The reporters would also like to thank the following for the analysis of the vulnerability:
Shinsuke Suzuki of KAME Project, Hideaki Yoshifuji and Shinta Sugimoto of USAGI Project.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.7 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Affected Products


Internet Initiative Japan Inc.
  • SEIL/neu 2FE Plus 1.00 - 1.92
  • SEIL/neu 128,T1 1.00 - 2.43
  • SEIL/Turbo 1.00 - 1.92
  • SEIL/X1 1.00 - 1.22
  • SEIL/X2 1.00 - 1.22
Yamaha Corporation
  • RT105 Series Rev.6.02.03 and later
  • RT107e Rev.8.03.15-Rev.8.03.78
  • RT140 Series Rev.6.02.03 and later
  • RT250i Rev.8.02.14-Rev.8.02.48
  • RT300i Rev.6.02.03 and later
  • RT56v
  • RT57i Rev.8.00.11-Rev.8.00.87
  • RT58i Rev.9.01.11-Rev.9.01.36
  • RT60w Rev.5.02.04 and later
  • RTA54i Rev.4.04.03 and later
  • RTA55i
  • RTV700 Rev.8.00.23-Rev.8.00.81
  • RTW65b
  • RTW65i
  • RTX1000
  • RTX1100 Rev.8.02.14-Rev.8.03.77
  • RTX1500 Rev.8.02.14-Rev.8.03.77
  • RTX2000
  • RTX3000 Rev.9.00.08-Rev.9.00.40
  • SRT100 Rev.10.00.08-Rev.10.00.31
THE FURUKAWA ELECTRIC CO., LTD.
  • FITELnet-F Series FITELnet-F80
  • FITELnet-F Series FITELnet-F100
  • FITELnet-F Series FITELnet-F140
  • FITELnet-F Series FITELnet-F1000
  • FITELnet-F Series FITELnet-F2000
NEC Corporation
  • IP38X SERIES

Impact

Reception of a large number of packets from a malicious third party that is on the same link within the network may lead to a denial of service.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

[Workarounds]
Until an update can be applied, the following workarounds may mitigate the effects of this vulnerability.

* Use Secure Neighbor Discovery (SEND)
Check the validity of packets using Cryptographically Generated Addresses (CGA), as described in RFC3972.
* Filter traffic at the client node
When possible, use a personal firewall, etc. to drop Router Advertisement (RA) and ND Redirect packets.
* Filter traffic using a L2 communication relaying device
If an L2 communication relaying device (switch or wireless LAN access point) that can filter packets based on IPv6 headers is available, either deny RA and ND Redirect packets not from the router or limit direct communication between client nodes. Note that Duplicate Address Detection (DAD) may not function properly when limiting direct client communication.
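
The "deny RA and ND Redirect packets not from the router" rule, sketched as a packet classifier (an added example, not code from JVN or any vendor). The router address fe80::1, the function names and the sample packets are constructed for illustration; the hop-limit and link-local checks come from RFC4861 rather than from this advisory, and fragmented packets are not handled.

```python
import ipaddress
import struct

ICMPV6 = 58
EXT_HEADERS = {0, 43, 60}      # hop-by-hop, routing, destination options
RA, REDIRECT = 134, 137        # ICMPv6 types defined in RFC4861
ROUTERS = {ipaddress.IPv6Address("fe80::1")}   # assumed address of the legitimate router

def classify(packet: bytes, routers=ROUTERS) -> str:
    """Return 'drop' for an RA or Redirect not sent by a listed router, else 'pass'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "pass"          # not IPv6: outside the scope of this filter
    next_header, hop_limit = packet[6], packet[7]
    src = ipaddress.IPv6Address(packet[8:24])
    offset = 40
    while next_header in EXT_HEADERS:   # walk to the upper-layer header
        if len(packet) < offset + 8:
            return "drop"      # truncated extension header
        next_header = packet[offset]
        offset += (packet[offset + 1] + 1) * 8
    if next_header != ICMPV6:
        return "pass"
    if len(packet) <= offset:
        return "drop"          # ICMPv6 announced but no type byte present
    if packet[offset] not in (RA, REDIRECT):
        return "pass"          # NS/NA pass, so Duplicate Address Detection keeps working
    # RFC4861: a valid RA/Redirect has hop limit 255 and a link-local source
    if hop_limit != 255 or not src.is_link_local or src not in routers:
        return "drop"
    return "pass"

def build(src: str, icmp_type: int, hop_limit: int = 255, hbh: bool = False) -> bytes:
    """Build a minimal IPv6/ICMPv6 packet (constructed sample data, checksum unset)."""
    body = bytes([icmp_type, 0, 0, 0, 0, 0, 0, 0])
    first = ICMPV6
    if hbh:                    # prepend an 8-byte hop-by-hop header holding one PadN option
        body = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0]) + body
        first = 0
    header = struct.pack("!IHBB", 6 << 28, len(body), first, hop_limit)
    dst = ipaddress.IPv6Address("ff02::1").packed
    return header + ipaddress.IPv6Address(src).packed + dst + body

if __name__ == "__main__":
    for src, kind in [("fe80::1", RA), ("fe80::2", RA), ("fe80::2", REDIRECT), ("fe80::2", 135)]:
        print(src, kind, classify(build(src, kind)))
```
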
Vendor Information

Internet Initiative Japan Inc.
Yamaha Corporation
THE FURUKAWA ELECTRIC CO., LTD.
NEC Corporation
  • NEC Security Information : NV09-016 (Japanese)

CWE

  1. Improper Input Validation(CWE-20) [IPA Evaluation]

CVE

References

  1. JVN : JVN#75368899
  2. IETF : RFC4942
  3. IETF : RFC3971
  4. IETF : RFC3972
  5. IETF : RFC4861
  6. IETF : RFC4862
  7. IETF : RFC3756
  8. IETF : RFC4890
Revision History

  • [2009/10/26]
      Web page published
    [2009/11/17]
      Affected Products : Added Internet Initiative Japan Inc. (a00680).
      Affected Products : Added Yamaha Corporation  (75368899).
      Vendor Information : Added Internet Initiative Japan Inc. (a00680).
      Vendor Information : Added Yamaha Corporation  (75368899).
    [2010/01/25]
      Affected Products : Added NEC Corporation (NV09-016).
      Vendor Information : Added NEC Corporation (NV09-016).