oss-sec mailing list archives
Re: CVE Request : IPv6 Hop limit lowering via RA messages
From: cve-assign () mitre org
Date: Sat, 4 Apr 2015 03:27:49 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
An unprivileged user on a local network can use IPv6 Neighbour Discovery ICMP to broadcast a non-route with a low hop limit, this causing machines to lower the hop limit on existing IPv6 routes.
Projects impacted: Linux kernel, NetworkManager, FreeBSD Kernel
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
Use CVE-2015-2922 for the Linux kernel vulnerability.
https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html
Use CVE-2015-2923 for the FreeBSD vulnerability.
, NetworkManager
This might refer to http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/rdisc/nm-lndp-rdisc.c hop_limit = ndp_msgra_curhoplimit (msgra); if (rdisc->hop_limit != hop_limit) { rdisc->hop_limit = hop_limit; changed |= NM_RDISC_CONFIG_HOP_LIMIT; however, the MITRE CVE team is not directly familiar with this part of the NetworkManager code and has not researched any changes to the "rdisc->hop_limit != hop_limit" test. There is apparently no commit available yet at: http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/src/rdisc/nm-lndp-rdisc.c but, again, we don't know whether changes would need to occur there. Use CVE-2015-2924 for the NetworkManager vulnerability. Also, note that http://patchwork.ozlabs.org/patch/453995/ refers to affected closed-source products. (CVE IDs for closed-source products would be announced elsewhere.) It also refers to Android. We don't know whether Android was listed only because of a shared-codebase issue, e.g., https://android.googlesource.com/kernel/common/+/android-3.18/net/ipv6/ndisc.c (there is no commit at https://android.googlesource.com/kernel/common/+log/android-3.18/net/ipv6/ndisc.c currently) or whether Android is affected in other ways. Unless there is incorrect hop_limit processing in code that is specific to Android, Android would not have a unique CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVH5GoAAoJEKllVAevmvmsL4EH/3oXUCv+ibZ7VXqeLpvkcmeq R6dPpU6QJVLvirY/2Huoq0eLlSm9l6Tg9Z0h8WoWJpa8nQjrEthXc0XnWh6l4aoW GzcRAJLjh21WZGTF4euTVMTSyR+ftw2jNp5WkfiI4BxCvikyDlrktj1qYVgsB7AK 3Svrv9jUDDjQX8Xd2gAqCEcSiRe9OO+JWErRD9ZyKSia9KcgFmmw3XQgUgefz6Ra oKWuc0nZbYKq80JwIiiX8ThRyETuoNOtT4w7JdRVJfhFlUml8+FNh1hFiz52GsBF iOOninmlM0i1EZw2v8JV/V+ihHB071YbT3K7xdoOu65CZymDy5qq+fc2ok5IOFY= =qiwd -----END PGP SIGNATURE-----
Current thread:
- CVE Request : IPv6 Hop limit lowering via RA messages D.S. Ljungmark (Apr 02)
- Re: CVE Request : IPv6 Hop limit lowering via RA messages Dan McDonald (Apr 02)
- Fwd: CVE Request : IPv6 Hop limit lowering via RA messages Eitan Adler (Apr 02)
- Re: CVE Request : IPv6 Hop limit lowering via RA messages Jim Thompson (Apr 03)
- Re: CVE Request : IPv6 Hop limit lowering via RA messages D.S. Ljungmark (Apr 03)
- Re: CVE Request : IPv6 Hop limit lowering via RA messages Loganaden Velvindron (Apr 03)
- Re: CVE Request : IPv6 Hop limit lowering via RA messages Jim Thompson (Apr 03)
- Re: CVE Request : IPv6 Hop limit lowering via RA messages cve-assign (Apr 04)
- Re: Re: CVE Request : IPv6 Hop limit lowering via RA messages Marcus Meissner (Apr 06)