Re: CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages

[Cedric Buissart <cbuissar () redhat com>]

Accidental miss-use of copy/paste : updated subject with the CVE number.

On Tue, May 17, 2016 at 8:40 PM, Cedric Buissart <cbuissar () redhat com>
wrote:

> Dear all,
>
> An improper input validation check, and improper origin check flaw during
> the reception of NDP message was discovered in libndp. An attacker in a
> non local network could use this flaw to advertise a node as a router, and
> cause a denial of service attack, or act as a man in the middle.
>
> The patches enforce that hop limit must be 255, to ensure that the NDP
> message
> has not been routed.
>
> Patches can be found upsteam:
>
>  -  libndp: validate the IPv6 hop limit
>
> https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
>
>  -  libndb: reject redirect and router advertisements from non-link-local
>
> https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
>   https://people.freedesktop.org/~lkundrak/.libndp/
>
> Known affected packages : NetworkManager >= 1.0
>
> Thanks to Julien Bernard (Viagénie) for discovering the issue
>
> Kind regards,
> --
> Cedric Buissart
> Purkynova 99
> Brno 612 45



-- 
Cedric Buissart,
Product Security

Purkynova 99
Brno 612 45