2008-4404 | IBM zSeries IPv6 Neighbor Discovery input validation (BID-31529 / XFDB-45601)
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.4 | $0-$5k | 0.38 |
A vulnerability was found in IBM zSeries (unknown version). It has been rated as critical. This issue affects an unknown code block of the component IPv6 Neighbor Discovery. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-20. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
The bug was discovered 10/02/2008. The weakness was published 10/03/2008 as confirmed advisory (CERT.org). It is possible to read the advisory at kb.cert.org. The identification of this vulnerability is CVE-2008-4404 since 10/03/2008. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available.
The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 35642 (HP-UX PHNE_37897 : HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access (HPSBUX02407 SSRT080107 rev.1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family HP-UX Local Security Checks and running in the context local. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116191 (HP-UX Running IPv6, Remote Denial of Service Vulnerability (HPSBUX02407)).
Applying a patch is able to eliminate this problem. A possible mitigation has been published 5 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at SecurityFocus (BID 31529), X-Force (45601), Vulnerability Center (SBV-19674) and Tenable (35642). Similar entries are available at 46293 and 44311.
Vendor
Name
VulDB Meta Base Score: 9.8
VulDB Meta Temp Score: 9.4
VulDB Base Score: 9.8
VulDB Temp Score: 9.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Class: Privilege escalation
CWE: CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 35642
Nessus Name: HP-UX PHNE_37897 : HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access (HPSBUX02407 SSRT080107 rev.1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 835194
OpenVAS Name: HP-UX Update for NFS/ONCplus HPSBUX02375
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Patch
Status: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: kb.cert.org
10/02/2008 🔍
10/02/2008 🔍
10/02/2008 🔍
10/03/2008 🔍
10/03/2008 🔍
10/03/2008 🔍
10/12/2008 🔍
02/02/2009 🔍
02/12/2009 🔍
01/12/2010 🔍
03/17/2015 🔍
08/02/2021 🔍Vendor: https://www.ibm.com/
Advisory: kb.cert.org
Status: Confirmed
CVE: CVE-2008-4404 (🔍)
IAVM: 🔍
SecurityFocus: 31529
X-Force: 45601
Vulnerability Center: 19674 – IBM zSeries Servers IPv6 NDP Implementation Remote DoS and Network Traffic Disclosure Vulnerability, High
OSVDB: 48991 – CVE-2008-4404 – IBM – ZSeries – Denial-Of-Service Issue
See also: 🔍
Created: 03/17/2015 16:11
Updated: 08/02/2021 10:32
Changes: (4) source_securityfocus_date source_securityfocus_class exploit_price_0day vulnerability_cvss2_nvd_basescore
Complete: 🔍
Upgrade your account now!
