teredo software vulnerabilities
vulnerabilities.aspcode.net
Searching teredo software vulnerabilities
Teredo clients, when source routing is enabled,
source-routed
|
encapsulated
|
recognize
|
attackers
|
gateways
|
policies
|
Internet
|
certain
|
packets
|
routing
|
clients
|
enabled
|
Teredo
|
bypass
|
remote
|
packet
|
header
|
source
|
which
|
might
|
allow
|
send
|
IPv6
|
drop
|
next
|
hop
|
all
|
Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets.
Teredo creates trusted peer entries for arbitra
non-RFC1918
|
arbitrary
|
attackers
|
represent
|
addresses
|
bypassing
|
filtering
|
intranet
|
incoming
|
address
|
traffic
|
ingress
|
trusted
|
entries
|
creates
|
source
|
remote
|
Teredo
|
hosts
|
might
|
which
|
allow
|
peer
|
even
|
bits
|
send
|
IPv4
|
low
|
use
|
Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering.
Teredo clients, when located behind a restricte
traditional
|
restricted
|
connection
|
attackers
|
establish
|
guessing
|
required
|
clients
|
without
|
mapping
|
inbound
|
located
|
client
|
Teredo
|
behind
|
remote
|
allow
|
find
|
port
|
NAT
|
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.
Miredo 0.9.8 through 1.0.5 does not properly au
Miredo
|
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
The Teredo implementation in Microsoft Windows
implementation
|
communication
|
solicitation
|
attackers
|
different
|
Microsoft
|
session
|
attacks
|
Windows
|
through
|
remote
|
easier
|
within
|
Teredo
|
brute
|
force
|
Vista
|
spoof
|
which
|
ports
|
nonce
|
makes
|
same
|
uses
|
UDP
|
The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
Microsoft Windows Vista establishes a Teredo ad
documentation
|
establishes
|
communicate
|
connection
|
increases
|
attackers
|
Microsoft
|
Internet
|
inactive
|
contrary
|
without
|
address
|
surface
|
Windows
|
attack
|
allows
|
remote
|
action
|
Teredo
|
Vista
|
which
|
upon
|
user
|
via
|
Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
The Teredo interface in Microsoft Windows Vista
Vulnerability"
|
information
|
Disclosure
|
interface
|
sensitive
|
attackers
|
Microsoft
|
firewall
|
blocking
|
properly
|
"Windows
|
Edition
|
Windows
|
traffic
|
certain
|
crafted
|
network
|
obtain
|
bypass
|
handle
|
Teredo
|
allows
|
remote
|
Vista
|
rules
|
which
|
Rule
|
IPv6
|
does
|
x64
|
not
|
via
|
aka
|
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
Software vulnerabilities results 1 to 8 of 8
Page:
1