Teredo IPv6 Transition Technology Vulnerability in Microsoft Products
CVE-2006-6264

Currently unrated

Key Information:

Vendor: Microsoft
Status: Teredo
Vendor: CVE Published:; 4 December 2006

What is CVE-2006-6264?

The vulnerability in Teredo allows the creation of trusted peer entries for arbitrary incoming source Teredo addresses. Even when the low 32 bits represent intranet addresses, this can enable remote attackers to route IPv4 traffic to intranet hosts that employ non-RFC1918 addresses. This situation poses a risk because it circumvents established IPv4 ingress filtering mechanisms, potentially exposing internal systems to undesired external access.

References

http://www.symantec.com/avcenter/reference/Teredo_Securit...

x_refsource_MISC

http://www.securityfocus.com/archive/1/452996/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/452989/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2006
Vulnerability Reserved
Dec 3, 2006