oss-sec mailing list archives

RHSA-2016:1086 libndp: denial of service due to insufficient validation of source of NDP messages


From: Cedric Buissart <cbuissar () redhat com>
Date: Tue, 17 May 2016 20:40:37 +0200

Dear all,

An improper input validation check, and improper origin check flaw during
the reception of NDP messages was discovered in libndp. An attacker in a
non-local network could use this flaw to advertise a node as a router, and
cause a denial of service attack, or act as a man in the middle.

The patches enforce that hop limit must be 255, to ensure that the NDP
message has not been routed.

Patches can be found upstream:

 -  libndp: validate the IPv6 hop limit
https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f

 -  libndp: reject redirect and router advertisements from non-link-local
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
  https://people.freedesktop.org/~lkundrak/.libndp/

Known affected packages : NetworkManager >= 1.0

Thanks to Julien Bernard (Viagénie) for discovering the issue

Kind regards,
--
Cedric Buissart
Purkynova 99
Brno 612 45
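
The two checks named in the advisory (hop limit of 255, link-local source for router advertisements and redirects), as an added C example that is not part of the original message and is not libndp's code. The function names `ndp_msg_acceptable` and `check` and the sample addresses are assumptions; the hop limit is taken to be the value the receiver read from the `IPV6_HOPLIMIT` ancillary data, with -1 meaning it was not available.

```c
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not libndp's API. hop_limit is the received
 * hop limit, or -1 if the ancillary data was missing. */
static bool ndp_msg_acceptable(uint8_t type, int hop_limit,
                               const struct in6_addr *src)
{
    /* Every router decrements the hop limit, so only a value of 255
     * shows the packet was sent on the local link. A missing value
     * (-1) is rejected as well. */
    if (hop_limit != 255)
        return false;

    /* Router advertisements and redirects must additionally come
     * from a link-local (fe80::/10) source address. */
    if ((type == ND_ROUTER_ADVERT || type == ND_REDIRECT) &&
        !IN6_IS_ADDR_LINKLOCAL(src))
        return false;

    return true;
}

/* Wrapper for constructed test inputs given as text addresses. */
static bool check(uint8_t type, int hop_limit, const char *src_text)
{
    struct in6_addr src;

    if (inet_pton(AF_INET6, src_text, &src) != 1)
        return false;
    return ndp_msg_acceptable(type, hop_limit, &src);
}

int main(void)
{
    /* Constructed samples: message type, hop limit, source address. */
    printf("RA on-link, link-local: %d\n", check(ND_ROUTER_ADVERT, 255, "fe80::1"));
    printf("RA routed (hlim 64):    %d\n", check(ND_ROUTER_ADVERT, 64, "fe80::1"));
    printf("RA global source:       %d\n", check(ND_ROUTER_ADVERT, 255, "2001:db8::1"));
    printf("Redirect global source: %d\n", check(ND_REDIRECT, 255, "2001:db8::1"));
    printf("NS global source:       %d\n", check(ND_NEIGHBOR_SOLICIT, 255, "2001:db8::2"));
    printf("RA no hop limit data:   %d\n", check(ND_ROUTER_ADVERT, -1, "fe80::1"));
    return 0;
}
```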
