PT-2009-4657 · Freebsd · Freebsd
Hiroki Sato
·
Published
2009-06-24
·
Updated
2017-08-17
·
CVE-2009-2208
CVSS v2.0
3.6
Low
| Vector | AV:L/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 6.3, 6.4, 7.1, 7.2
Description
The issue allows local users to modify or disable IPv6 network interfaces due to a lack of permission enforcement on the SIOCSIFINFO IN6 IOCTL. This can be demonstrated by modifying the MTU.
Recommendations
For versions 6.3, 6.4, 7.1, 7.2, consider restricting access to the SIOCSIFINFO IN6 IOCTL to prevent unauthorized modification of IPv6 network interfaces.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd