Summary : Teredo client packets sent to arbitrary address
Date : 01 June 2007
Affected versions : Miredo, all versions
Miredo-specific : No
Impact : None immediate
CVE ID : CVE-2006-6266 (candidate)
ID : MTFL-SA-0703
Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties.
An attacker can induce a Teredo client into sending a rate-limited quantity of small fixed-size IPv6 packets to an arbitrary (third party or unassigned) address.
IPv6 connectivity tests are a design feature of the Teredo protocol. They pose no more threat than sending a spoofed TCP SYN packet to an open port on any server, or a spoofed ICMPv6 Echo request, to trick an IPv6 node into sending packets to an arbitrary third party.
IPv6 connectivity tests are rate-limited per IPv6 address, and do not provide enough traffic amplification to be of much use or interest to attackers.
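The per-address rate limit described above can be sketched as follows. This is an added example, not Miredo's code: the function names are hypothetical, and the table size, burst and window are assumed values rather than figures from RFC 4380.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

#define TEST_SLOTS  64  /* assumed table size */
#define TEST_BURST   3  /* assumed: tests allowed per address per window */
#define TEST_WINDOW 30  /* assumed: window length in seconds */

struct test_slot { uint8_t addr[16]; time_t start; unsigned count; };
static struct test_slot slots[TEST_SLOTS];

/* Teredo addresses carry the 2001:0000::/32 prefix (RFC 4380). */
int is_teredo(const uint8_t a[16])
{
    return a[0] == 0x20 && a[1] == 0x01 && a[2] == 0x00 && a[3] == 0x00;
}

/* Returns 1 if one more connectivity test toward peer is allowed at `now`. */
int allow_ping_test(const uint8_t peer[16], time_t now)
{
    unsigned h = 0;
    for (int i = 0; i < 16; i++)
        h = h * 31 + peer[i];
    struct test_slot *s = &slots[h % TEST_SLOTS];

    if (now - s->start >= TEST_WINDOW) {        /* slot unused or expired */
        memcpy(s->addr, peer, 16);
        s->start = now;
        s->count = 0;
    } else if (memcmp(s->addr, peer, 16) != 0) {
        return 0;   /* slot busy with another address: fail closed */
    }
    if (s->count >= TEST_BURST)
        return 0;
    s->count++;
    return 1;
}

/* Decision for a packet whose IPv6 source is src: 1 = start a test. */
int should_start_test(const uint8_t src[16], time_t now)
{
    if (is_teredo(src))
        return 0;   /* Teredo source: not the case this advisory covers */
    return allow_ping_test(src, now);
}
```

Refusing a test when a slot is held by a different address keeps spoofed sources from evicting each other's counters, and bounds the total at TEST_SLOTS * TEST_BURST tests per window.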
None. None needed.
This vulnerability is considered a non-issue, and cannot be “fixed” due to the very design of the Teredo protocol.
Jim Hoagland has published this issue in his Teredo security report.
Some of this page content is copied from the CVE MITRE database.