DescriptionThe Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs684072

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kfreebsd-10 (PTS)jessie10.1~svn274115-4vulnerable
sid, stretch10.3~svn300087-3vulnerable
kfreebsd-8 (PTS)wheezy8.3-6+deb7u1vulnerable
kfreebsd-9 (PTS)wheezy, wheezy (security)9.0-10+deb70.10vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
[jessie] - kfreebsd-10 <no-dsa> (Minor issue)
Starting with stretch kfreebsd is no longer supported

Search for package or bug name: Reporting problems