Summary : Failure to handle error in Teredo client Date : 14 May 2006 Affected versions : Miredo 0.8.4 down to 0.7.0, and 0.9.1 Miredo-specific : Yes Impact : Remote denial of service CVE ID : N/A ID : MTFL-SA-0602
While validating a Router Advertisement, as part of the Teredo qualification and maintenance procedure with the Teredo server, the Teredo client would detect invalid packets, but fail to ignore them properly.
If successful, a malicious third party could use this vulnerability to trigger misconfiguration of the Teredo tunnel, ultimately denying the Teredo tunnel service, and IPv6 connectivity.
As far as is known, this bug cannot be exploited to run arbitrary code remotely, nor to divert legitimate traffic to a malicious third party.
Exploitation of this bug requires previous knowledge of the victim’s mapped public IPv4 address, mapped public UDP port number. The malicious packet must also be sent within a fairly short time frame (usually 50 to 200ms every 30s).
Teredo relays and Teredo servers are unaffected.
There is no known proper workaround for Teredo clients.
Upgrade to Miredo version 0.8.5.
This bug was discovered internally.