oss-sec mailing list archives
Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding
From: cve-assign () mitre org
Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST)
The Linux kernel is vulnerable to a crash on hosts that accept router advertisements. An unlimited number of routes can be created from router advertisements. A remote attacker in the same layer 2 segment can cause a crash from memory exhaustion by flooding router advertisements to a target machine.

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
http://patchwork.ozlabs.org/patch/327515/
Use CVE-2014-2309.

As a side note, this is possibly related to "it seems that Linux is not affected, you might want to test though as I have only tested this with a 2.6.x kernel" in the http://www.openwall.com/lists/oss-security/2012/10/10/8 post. (By mentioning this, we do not mean that CVE-2014-2309 is a duplicate of a CVE assignment from October 2012. We only mean that this c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x might have been suggested but not tested in 2012.)

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
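An added example, not part of the message above or of the kernel patch: a monitoring check for the condition the report describes, counting per interface the routes that carry the kernel's RTF_ADDRCONF flag (set on routes created from router advertisements) in /proc/net/ipv6_route format. The function names, the alert threshold and the sample routing table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Count IPv6 routes installed from router advertisements, per interface.
# Input: /proc/net/ipv6_route format on stdin (column 9 = route flags in hex,
# column 10 = device name).

RTF_ADDRCONF=0x00040000               # kernel flag on RA-derived routes
RA_ROUTE_LIMIT=${RA_ROUTE_LIMIT:-64}  # assumed alert threshold; tune per network

# Prints "<dev> <count>" for every interface holding RA-derived routes.
ra_route_counts() {
    while read -r dst dplen src splen nexthop metric refcnt use flags dev; do
        case $flags in ''|*[!0-9a-fA-F]*) continue ;; esac  # skip malformed lines
        [ -n "$dev" ] || continue
        if [ $(( 0x$flags & $RTF_ADDRCONF )) -ne 0 ]; then
            echo "$dev"
        fi
    done | sort | uniq -c | awk '{ print $2, $1 }'
}

# Prints interfaces whose RA-derived route count exceeds LIMIT ($1);
# exit status is 1 if any interface is over the limit, 0 otherwise.
ra_route_alerts() {
    ra_route_counts |
        awk -v limit="$1" '$2 > limit { print; hit = 1 } END { exit hit + 0 }'
}

# Constructed sample table: eth0 has two RA prefix routes and one RA default
# route, eth1 has one RA prefix route; the fe80::/64 and ::1 entries are local.
sample_routes() {
    cat <<'EOF'
20010db8000100000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 004c0001 eth0
20010db8000200000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 004c0001 eth0
00000000000000000000000000000000 00 00000000000000000000000000000000 00 fe800000000000000000000000000001 00000400 00000001 00000000 00450003 eth0
fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 00000001 eth0
20010db8000300000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 004c0001 eth1
00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000001 00000000 00200001 lo
EOF
}

# Demo on the constructed sample with a deliberately low limit of 2.
# On a live host: ra_route_alerts "$RA_ROUTE_LIMIT" < /proc/net/ipv6_route
sample_routes | ra_route_alerts 2 || echo "RA-derived route count over limit"
```

A count that keeps growing between runs on an interface that accepts router advertisements is the signal to investigate the segment.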
Current thread:
- CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding Sabrina Dubroca (Mar 07)
- Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding cve-assign (Mar 07)