{"vuid":"VU#267289","idnumber":"267289","name":"IPv6 Type 0 Route Headers allow sender to control routing","keywords":["OpenBSD","DoS","denial of service","IPv6","Type 0","Route Headers"],"overview":"IPv6 Type 0 Route Headers allow the sender to control packet routing. This vulnerability may allow an attacker to cause a denial-of-service condition.","clean_desc":"Routing header options provided by IPv6 allow packet senders to indicate specific nodes through which the packet should travel. Note that a node is defined as any device that implements IPv6, which includes hosts as well as routing devices. According to FreeBSD-SA-07:03.ipv6: An attacker can \"amplify\" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts. An attacker can use vulnerable hosts to \"concentrate\" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.","impact":"This condition can facilitate a number of different impacts including packet amplification, bypassing filtering devices, denial of service, and defeating IPv6 Anycast.","resolution":"Update\nSee the systems affected portion of this document for information about updates for specific vendors.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Philippe Biondi and Arnaud Ebalard of EADS Innovation Works — IW/SE/CS, IT Sec lab, Suresnes, France at CanSecWest 2007.","author":"This document was written by Chris Taschner.","public":["http://secunia.com/advisories/24978/","http://openbsd.org/errata40.html#012_route6","http://secunia.com/advisories/25033/","http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf","http://secunia.com/advisories/25068/","http://www.ietf.org/rfc/rfc2460.txt","http://docs.info.apple.com/article.html?artnum=305712","http://secunia.com/advisories/25770/","http://secunia.com/advisories/26703/"],"cveids":["CVE-2007-2242"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-04-24T12:41:47Z","publicdate":"2007-04-24T00:00:00Z","datefirstpublished":"2007-06-01T15:01:36Z","dateupdated":"2011-07-22T12:54:16Z","revision":39,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"20","cam_impact":"3","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"11.025","cam_scorecurrentwidelyknown":"12.6","cam_scorecurrentwidelyknownexploited":"18.9","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.025,"vulnote":null}