oss-sec mailing list archives
RHSA-2016:1086 libndp: denial of service due to insufficient validation of source of NDP messages
From: Cedric Buissart <cbuissar () redhat com>
Date: Tue, 17 May 2016 20:40:37 +0200
Dear all, An improper input validation check, and improper origin check flaw during the reception of NDP message was discovered in libndp. An attacker in a non local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man in the middle. The patches enforce that hop limit must be 255, to ensure that the NDP message has not been routed. Patches can be found upsteam: - libndp: validate the IPv6 hop limit https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f - libndb: reject redirect and router advertisements from non-link-local https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839 https://people.freedesktop.org/~lkundrak/.libndp/ Known affected packages : NetworkManager >= 1.0 Thanks to Julien Bernard (Viagénie) for discovering the issue Kind regards, -- Cedric Buissart Purkynova 99 Brno 612 45
Current thread:
- RHSA-2016:1086 libndp: denial of service due to insufficient validation of source of NDP messages Cedric Buissart (May 17)