cvelistv5 - cve-2009-0418

CVE-2009-0418 (GCVE-0-2009-0418)

Vulnerability from cvelistv5 – Published: 2009-02-04 19:00 – Updated: 2024-08-07 04:31

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2009-0418

Vulnerability from fkie_nvd - Published: 2009-02-04 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://marc.info/?l=bugtraq&m=123368621330334&w=2
	cve@mitre.org	http://secunia.com/advisories/33787
	cve@mitre.org	http://www.securitytracker.com/id?1021660
	cve@mitre.org	http://www.vupen.com/english/advisories/2009/0312
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=123368621330334&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33787
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021660
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0312
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943

Impacted products

Vendor	Product	Version
hp	hp-ux	b.11.11
hp	hp-ux	b.11.23
hp	hp-ux	b.11.31

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "972D4ABF-2E80-4902-910D-5BD0CBEC9765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "12C73959-3E02-4847-8962-651D652800EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n IPv6 Neighbor Discovery Protocol (NDP) en HP HP-UX B.11.11, B.11.23 y B.11.31, no valida el origen de los mensajes Neighbor Discovery -Descubrimiento de Vecinos-, esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de conectividad), leer el tr\u00e1fico privado de redes  y puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un mensaje falso que modifica el FIB (Forward Information Base). Est\u00e1 relacionado con la vulnerabilidad CVE-2008-2476."
    }
  ],
  "id": "CVE-2009-0418",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-04T19:30:00.547",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33787"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021660"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0312"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6RG3-F36H-W236

Vulnerability from github – Published: 2022-05-02 03:15 – Updated: 2022-05-02 03:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0418"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-04T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.",
  "id": "GHSA-6rg3-f36h-w236",
  "modified": "2022-05-02T03:15:20Z",
  "published": "2022-05-02T03:15:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0418"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33787"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021660"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0312"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200902-0092

Vulnerability from variot - Updated: 2023-12-18 11:06

The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. This vulnerability CVE-2008-2476 Vulnerability associated with. This can be exploited to cause the IPv6 stack to panic by sending specially crafted ICMPv6 messages to a vulnerable system.

2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE) 2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4) 2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE) 2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4)

Patch: http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch

PROVIDED AND/OR DISCOVERED BY: The vendor credits Tom Parker and Bjoern A. Zeeb. ----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more: http://secunia.com/advisories/business_solutions/

TITLE: HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

SECUNIA ADVISORY ID: SA33787

VERIFY ADVISORY: http://secunia.com/advisories/33787/

CRITICAL: Less critical

IMPACT: Spoofing, Exposure of sensitive information, DoS

WHERE:

From local network

OPERATING SYSTEM: HP-UX 11.x http://secunia.com/advisories/product/138/

DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service).

This is related to: SA32112

The vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31 running IPv6.

SOLUTION: Apply patches.

HP-UX B.11.11: Install patch PHNE_37898 or subsequent.

HP-UX B.11.23: Install patch PHNE_37897 or subsequent.

HP-UX B.11.31: Install patch PHNE_38680 or subsequent.

For more information: SA32112

2) An unspecified error exists in the handling of PPPoE discovery packets. ----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/

TITLE: Juniper Products Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

SECUNIA ADVISORY ID: SA32116

VERIFY ADVISORY: http://secunia.com/advisories/32116/

CRITICAL: Less critical

IMPACT: Manipulation of data

WHERE:

From local network

OPERATING SYSTEM: Juniper IVE OS Software 1.x http://secunia.com/advisories/product/11660/ Juniper IVE OS Software 2.x http://secunia.com/advisories/product/11661/ Juniper IVE OS Software 3.x http://secunia.com/advisories/product/11662/ Juniper IVE OS Software 5.x http://secunia.com/advisories/product/6644/ Juniper IVE OS Software 4.x http://secunia.com/advisories/product/6645/ Juniper IVE OS Software 6.x http://secunia.com/advisories/product/18562/ Juniper Networks DXOS 5.x http://secunia.com/advisories/product/11183/ Juniper Networks IDP 4.x http://secunia.com/advisories/product/11181/ Juniper Networks Infranet Controller 4000 http://secunia.com/advisories/product/11167/ Juniper Networks WXC Series http://secunia.com/advisories/product/11164/ Juniper Networks WX Series http://secunia.com/advisories/product/11163/ Juniper Networks Session and Resource Control (SRC) 2.x http://secunia.com/advisories/product/19036/ Juniper Networks Secure Access 6000 SP http://secunia.com/advisories/product/13184/ Juniper Networks Secure Access 4000 (NetScreen-SA 3000 Series) http://secunia.com/advisories/product/3141/ Juniper Networks Secure Access 2000 http://secunia.com/advisories/product/11165/ Juniper Networks Infranet Controller 6000 http://secunia.com/advisories/product/11168/ Juniper Networks Secure Access 6000 (NetScreen-SA 5000 Series) http://secunia.com/advisories/product/3132/ Juniper Networks Secure Access 700 http://secunia.com/advisories/product/11166/ Juniper Networks Session and Resource Control (SRC) 1.x http://secunia.com/advisories/product/19034/

DESCRIPTION: A vulnerability has been reported in multiple Juniper Networks products, which can be exploited by malicious people to manipulate the router's neighbor cache. This can be exploited to add a fake entry to the router's neighbor cache via a neighbor solicitation request containing a spoofed IPv6 address.

Successful exploitation may allow the interception or disruption of network traffic, but requires that the IPv6 nodes involved in the attack are using the same router.

NOTE: The vendor has not published a publicly available advisory and has also refused to provide a list of the affected products or patches as information about vulnerabilities is provided to registered customers only. It is therefore unclear if only a subset of the products reported as vulnerable in this advisory are affected.

SOLUTION: It is currently unclear whether fixes are available.

PROVIDED AND/OR DISCOVERED BY: US-CERT credits David Miles.

ORIGINAL ADVISORY: Juniper (login required): https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view

US-CERT: http://www.kb.cert.org/vuls/id/MAPG-7H2RZU

OTHER REFERENCES: US-CERT VU#472363: http://www.kb.cert.org/vuls/id/472363

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200902-0092",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hp",
        "version": "b.11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hp",
        "version": "b.11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hp",
        "version": "b.11.31"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "extreme",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "force10",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm zseries",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openbsd",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wind river",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "river systems vxworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wind",
        "version": "6.4"
      },
      {
        "model": "river systems vxworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wind",
        "version": "5"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.4"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.3"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.2"
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.0.1"
      },
      {
        "model": "current",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "4.0"
      },
      {
        "model": "3.1 rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "netbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netbsd",
        "version": "3.1"
      },
      {
        "model": "3,1 rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "netbsd",
        "version": null
      },
      {
        "model": "financials server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "navision",
        "version": "3.0"
      },
      {
        "model": "midnightbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "midnightbsd",
        "version": "0.2.1"
      },
      {
        "model": "midnightbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "midnightbsd",
        "version": "0.1.1"
      },
      {
        "model": "midnightbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "midnightbsd",
        "version": "0.3"
      },
      {
        "model": "midnightbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "midnightbsd",
        "version": "0.1"
      },
      {
        "model": "networks wxc series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks wx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "networks session and resource control appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.0"
      },
      {
        "model": "networks session and resource control appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.0"
      },
      {
        "model": "networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7000"
      },
      {
        "model": "networks secure access sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "60006000"
      },
      {
        "model": "networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "600050000"
      },
      {
        "model": "networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "400030000"
      },
      {
        "model": "networks secure access",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "20000"
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0"
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "3.0"
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.0"
      },
      {
        "model": "networks ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.0"
      },
      {
        "model": "networks infranet controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6000"
      },
      {
        "model": "networks infranet controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4000"
      },
      {
        "model": "networks idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "networks dxos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "z/os",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v3"
      },
      {
        "model": "hp-ux 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v2"
      },
      {
        "model": "hp-ux 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0.x"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "networks ftos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "force10",
        "version": "7.7.11"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "airport extreme base station",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "airport express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "airport express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "airport base station",
        "scope": null,
        "trust": 0.3,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "time capsule",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "airport extreme base station with 802.11n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      },
      {
        "model": "airport express base station with 802.11n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "db": "BID",
        "id": "31529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Miles reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "31529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-0418",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-0418",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0418",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#472363",
            "trust": 0.8,
            "value": "2.70"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200902-085",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. This vulnerability CVE-2008-2476 Vulnerability associated with. This can be exploited to\ncause the IPv6 stack to panic by sending specially crafted ICMPv6\nmessages to a vulnerable system. \n\n2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE)\n2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4)\n2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE)\n2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4)\n\nPatch:\nhttp://security.FreeBSD.org/patches/SA-08:09/icmp6.patch\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Tom Parker and Bjoern A. Zeeb. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nHP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA33787\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33787/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSpoofing, Exposure of sensitive information, DoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nHP-UX 11.x\nhttp://secunia.com/advisories/product/138/\n\nDESCRIPTION:\nA vulnerability has been reported in HP-UX, which can be exploited by\nmalicious people to conduct spoofing attacks, disclose potentially\nsensitive information, or to cause a DoS (Denial of Service). \n\nThis is related to:\nSA32112\n\nThe vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31\nrunning IPv6. \n\nSOLUTION:\nApply patches. \n\nHP-UX B.11.11:\nInstall patch PHNE_37898 or subsequent. \n\nHP-UX B.11.23:\nInstall patch PHNE_37897 or subsequent. \n\nHP-UX B.11.31:\nInstall patch PHNE_38680 or subsequent. \n\nFor more information:\nSA32112\n\n2) An unspecified error exists in the handling of PPPoE discovery\npackets. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nJuniper Products Neighbor Discovery Protocol Neighbor Solicitation\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA32116\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32116/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nJuniper IVE OS Software 1.x\nhttp://secunia.com/advisories/product/11660/\nJuniper IVE OS Software 2.x\nhttp://secunia.com/advisories/product/11661/\nJuniper IVE OS Software 3.x\nhttp://secunia.com/advisories/product/11662/\nJuniper IVE OS Software 5.x\nhttp://secunia.com/advisories/product/6644/\nJuniper IVE OS Software 4.x\nhttp://secunia.com/advisories/product/6645/\nJuniper IVE OS Software 6.x\nhttp://secunia.com/advisories/product/18562/\nJuniper Networks DXOS 5.x\nhttp://secunia.com/advisories/product/11183/\nJuniper Networks IDP 4.x\nhttp://secunia.com/advisories/product/11181/\nJuniper Networks Infranet Controller 4000\nhttp://secunia.com/advisories/product/11167/\nJuniper Networks WXC Series\nhttp://secunia.com/advisories/product/11164/\nJuniper Networks WX Series\nhttp://secunia.com/advisories/product/11163/\nJuniper Networks Session and Resource Control (SRC) 2.x\nhttp://secunia.com/advisories/product/19036/\nJuniper Networks Secure Access 6000 SP\nhttp://secunia.com/advisories/product/13184/\nJuniper Networks Secure Access 4000 (NetScreen-SA 3000 Series)\nhttp://secunia.com/advisories/product/3141/\nJuniper Networks Secure Access 2000\nhttp://secunia.com/advisories/product/11165/\nJuniper Networks Infranet Controller 6000\nhttp://secunia.com/advisories/product/11168/\nJuniper Networks Secure Access 6000 (NetScreen-SA 5000 Series)\nhttp://secunia.com/advisories/product/3132/\nJuniper Networks Secure Access 700\nhttp://secunia.com/advisories/product/11166/\nJuniper Networks Session and Resource Control (SRC) 1.x\nhttp://secunia.com/advisories/product/19034/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple Juniper Networks\nproducts, which can be exploited by malicious people to manipulate\nthe router\u0027s neighbor cache. This can be exploited to add a fake entry to the router\u0027s\nneighbor cache via a neighbor solicitation request containing a\nspoofed IPv6 address. \n\nSuccessful exploitation may allow the interception or disruption of\nnetwork traffic, but requires that the IPv6 nodes involved in the\nattack are using the same router. \n\nNOTE: The vendor has not published a publicly available advisory and\nhas also refused to provide a list of the affected products or\npatches as information about vulnerabilities is provided to\nregistered customers only. It is therefore unclear if only a subset\nof the products reported as vulnerable in this advisory are affected. \n\nSOLUTION:\nIt is currently unclear whether fixes are available. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits David Miles. \n\nORIGINAL ADVISORY:\nJuniper (login required):\nhttps://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2008-09-036\u0026viewMode=view\n\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/MAPG-7H2RZU\n\nOTHER REFERENCES:\nUS-CERT VU#472363:\nhttp://www.kb.cert.org/vuls/id/472363\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "BID",
        "id": "31529"
      },
      {
        "db": "PACKETSTORM",
        "id": "69638"
      },
      {
        "db": "PACKETSTORM",
        "id": "74623"
      },
      {
        "db": "PACKETSTORM",
        "id": "70557"
      },
      {
        "db": "PACKETSTORM",
        "id": "75476"
      },
      {
        "db": "PACKETSTORM",
        "id": "70559"
      },
      {
        "db": "PACKETSTORM",
        "id": "70814"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0418",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "33787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1021660",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0312",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#472363",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350",
        "trust": 0.8
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:5943",
        "trust": 0.6
      },
      {
        "db": "HP",
        "id": "SSRT080107",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "31529",
        "trust": 0.3
      },
      {
        "db": "SECUNIA",
        "id": "32117",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "32112",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "32116",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "31745",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "74623",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70557",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "34105",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "75476",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70559",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70814",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "db": "BID",
        "id": "31529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "PACKETSTORM",
        "id": "69638"
      },
      {
        "db": "PACKETSTORM",
        "id": "74623"
      },
      {
        "db": "PACKETSTORM",
        "id": "70557"
      },
      {
        "db": "PACKETSTORM",
        "id": "75476"
      },
      {
        "db": "PACKETSTORM",
        "id": "70559"
      },
      {
        "db": "PACKETSTORM",
        "id": "70814"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "id": "VAR-200902-0092",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3760244975
  },
  "last_update_date": "2023-12-18T11:06:57.068000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.hp.com/country/jp/ja/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/33787"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1021660"
      },
      {
        "trust": 1.1,
        "url": "http://www.ietf.org/rfc/rfc2461.txt"
      },
      {
        "trust": 1.1,
        "url": "http://www.ietf.org/rfc/rfc3756.txt"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2009/0312"
      },
      {
        "trust": 1.0,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5943"
      },
      {
        "trust": 0.9,
        "url": "http://www.kb.cert.org/vuls/id/472363"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc4861"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc4861#section-2.1"
      },
      {
        "trust": 0.8,
        "url": "http://www.ietf.org/rfc/rfc3177.txt"
      },
      {
        "trust": 0.8,
        "url": "http://tools.ietf.org/html/rfc3971"
      },
      {
        "trust": 0.8,
        "url": "http://docs.sun.com/app/docs/doc/817-0573/6mgc65bb6?a=view"
      },
      {
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/en-us/library/ms900123.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/forwarding_information_base#fibs_in_ingress_filtering_against_denial_of_service"
      },
      {
        "trust": 0.8,
        "url": "http://en.wikipedia.org/wiki/reverse_path_forwarding"
      },
      {
        "trust": 0.8,
        "url": "http://www.openbsd.org/faq/pf/filter.html#antispoof"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0418"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0418"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2009/0312"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5943"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.4,
        "url": "http://support.apple.com/kb/ht3467"
      },
      {
        "trust": 0.4,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01662367"
      },
      {
        "trust": 0.4,
        "url": "http://www.kb.cert.org/vuls/id/mapg-7h2rzu"
      },
      {
        "trust": 0.3,
        "url": "http://www.midnightbsd.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata43.html#005_ndp"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata42.html#014_ndp"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2009-059.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata44.html#001_ndp"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/32112/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/31745/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-08:09/icmp6.patch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-08:09.icmp6.asc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6778/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/138/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33787/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20024/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/mapg-7h2ry7"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32117/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34105/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-08:10/nd6-6.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-08:10/nd6-6.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-08:10.nd6.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-08:10/nd6-7.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/6778/"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-08:10/nd6-7.patch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11167/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11181/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/18562/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19034/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11660/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11165/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11662/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11168/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11163/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11166/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13184/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32116/"
      },
      {
        "trust": 0.1,
        "url": "https://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026txtalertnumber=psn-2008-09-036\u0026viewmode=view"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/3132/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11661/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11183/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19036/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/3141/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/11164/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/6645/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/6644/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "db": "BID",
        "id": "31529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "PACKETSTORM",
        "id": "69638"
      },
      {
        "db": "PACKETSTORM",
        "id": "74623"
      },
      {
        "db": "PACKETSTORM",
        "id": "70557"
      },
      {
        "db": "PACKETSTORM",
        "id": "75476"
      },
      {
        "db": "PACKETSTORM",
        "id": "70559"
      },
      {
        "db": "PACKETSTORM",
        "id": "70814"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "db": "BID",
        "id": "31529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "db": "PACKETSTORM",
        "id": "69638"
      },
      {
        "db": "PACKETSTORM",
        "id": "74623"
      },
      {
        "db": "PACKETSTORM",
        "id": "70557"
      },
      {
        "db": "PACKETSTORM",
        "id": "75476"
      },
      {
        "db": "PACKETSTORM",
        "id": "70559"
      },
      {
        "db": "PACKETSTORM",
        "id": "70814"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-10-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "date": "2008-10-02T00:00:00",
        "db": "BID",
        "id": "31529"
      },
      {
        "date": "2009-06-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "date": "2008-09-04T22:06:24",
        "db": "PACKETSTORM",
        "id": "69638"
      },
      {
        "date": "2009-02-03T17:55:30",
        "db": "PACKETSTORM",
        "id": "74623"
      },
      {
        "date": "2008-10-02T21:01:10",
        "db": "PACKETSTORM",
        "id": "70557"
      },
      {
        "date": "2009-03-06T11:40:34",
        "db": "PACKETSTORM",
        "id": "75476"
      },
      {
        "date": "2008-10-02T21:01:10",
        "db": "PACKETSTORM",
        "id": "70559"
      },
      {
        "date": "2008-10-11T01:26:40",
        "db": "PACKETSTORM",
        "id": "70814"
      },
      {
        "date": "2009-02-04T19:30:00.547000",
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "date": "2009-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#472363"
      },
      {
        "date": "2015-03-19T09:41:00",
        "db": "BID",
        "id": "31529"
      },
      {
        "date": "2009-06-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001350"
      },
      {
        "date": "2017-09-29T01:33:48.527000",
        "db": "NVD",
        "id": "CVE-2009-0418"
      },
      {
        "date": "2009-03-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IPv6 implementations insecurely update Forwarding Information Base",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#472363"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-085"
      }
    ],
    "trust": 0.6
  }
}

GSD-2009-0418

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0418

Aliases

CVE-2009-0418

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0418",
    "description": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.",
    "id": "GSD-2009-0418"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0418"
      ],
      "details": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.",
      "id": "GSD-2009-0418",
      "modified": "2023-12-13T01:19:44.376827Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0418",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBUX02407",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
          },
          {
            "name": "33787",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33787"
          },
          {
            "name": "1021660",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021660"
          },
          {
            "name": "ADV-2009-0312",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0312"
          },
          {
            "name": "oval:org.mitre.oval:def:5943",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943"
          },
          {
            "name": "SSRT080107",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0418"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read private network traffic, and possibly execute arbitrary code via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02407",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=123368621330334\u0026w=2"
            },
            {
              "name": "1021660",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021660"
            },
            {
              "name": "33787",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33787"
            },
            {
              "name": "ADV-2009-0312",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0312"
            },
            {
              "name": "oval:org.mitre.oval:def:5943",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5943"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:33Z",
      "publishedDate": "2009-02-04T19:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0418 (GCVE-0-2009-0418)

FKIE_CVE-2009-0418

GHSA-6RG3-F36H-W236

VAR-200902-0092

GSD-2009-0418

Tags

Sightings

Nomenclature