Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding
From: cve-assign () mitre org
Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Linux kernel is vulnerable to a crash on hosts that accept router
advertisements. An unlimited number of routes can be created from
router advertisements.

A remote attacker in the same layer 2 segment can cause a crash from
memory exhaustion by flooding router advertisements to a target
machine.

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39

http://patchwork.ozlabs.org/patch/327515/

Use CVE-2014-2309.

As a side note, this is possibly related to "it seems that Linux is
not affected, you might want to test though as I have only tested this
with a 2.6.x kernel" in the
http://www.openwall.com/lists/oss-security/2012/10/10/8 post. (By
mentioning this, we do not mean that CVE-2014-2309 is a duplicate of a
CVE assignment from October 2012. We only mean that this
c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x
might have been suggested but not tested in 2012.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTGmF9AAoJEKllVAevmvms3SEH/1o5RaRem6lv7ee3SLdXL5br
oW9Ze4kXzWweXE3MqHNZk0J4AOPbn5/NbcFN+PJPQeY9ocTUOKqHogWLXXyZAFpf
bLAAOc7TDti0D9gy6JdPlg/hdPeo/65yZG20xrnJlHNMjvsQhOd3Hw+ib/9QSW8p
tnJK3iAfVvfWNZeby/1efxWSfEqKAhD3SCAhIIOK1UCBOPhsqcKt0s6UM7+/CTQI
cJxX58mDD/h4waE3yejrGioP30sYXzvg3V7CO6r+OJEiz7rtfHUVKjaHR1Yy0ZX9
b75QApdmGWrArhrsJo0Gomn0spIXHvBZjuuC6wpj8K6G6/eeSBZk3CUHAo5jfdM=
=rnx+
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault