Back to bug 1329366
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Lubomir Rintel | 2016-04-21 18:28:43 UTC | Keywords | Security | |
| CC | security-response-team | |||
| Red Hat Bugzilla | 2016-04-21 18:28:43 UTC | Doc Type | --- | Bug Fix |
| Lubomir Rintel | 2016-04-21 18:29:22 UTC | CC | lrintel | |
| Lubomir Rintel | 2016-04-21 18:30:23 UTC | CC | dcbw | |
| Adam Mariš | 2016-04-22 08:46:18 UTC | Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=4.3/AV:A/AC:M/Au:N/C:N/I:P/A:P | |
| Adam Mariš | 2016-04-22 08:46:21 UTC | Severity | unspecified | medium |
| Adam Mariš | 2016-04-22 08:46:24 UTC | Priority | unspecified | medium |
| Adam Mariš | 2016-04-22 08:51:21 UTC | Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=4.3/AV:A/AC:M/Au:N/C:N/I:P/A:P | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=4.3/AV:A/AC:M/Au:N/C:N/I:P/A:P,rhel-7/libndp=affected,fedora-all/libndp=affected |
| Adam Mariš | 2016-04-22 08:51:27 UTC | CC | rkhan | |
| Adam Mariš | 2016-04-22 08:53:55 UTC | Blocks | 1329557 | |
| Adam Mariš | 2016-04-22 09:00:20 UTC | CC | amaris | |
| Summary | libndp: denial of service due to insufficient validation of source of NDP messages | EMBARGOED CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages | ||
| Alias | CVE-2016-3698 | |||
| Adam Mariš | 2016-05-05 15:11:19 UTC | Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=4.3/AV:A/AC:M/Au:N/C:N/I:P/A:P,rhel-7/libndp=affected,fedora-all/libndp=affected | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,rhel-7/libndp=affected,fedora-all/libndp=affected |
| Cedric Buissart | 2016-05-05 16:33:26 UTC | Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,rhel-7/libndp=affected,fedora-all/libndp=affected | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhel-7/libndp=affected,fedora-all/libndp=affected |
| Cedric Buissart | 2016-05-05 17:11:27 UTC | Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhel-7/libndp=affected,fedora-all/libndp=affected | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,CWE-346,rhel-7/libndp=affected,fedora-all/libndp=affected |
| Cedric Buissart | 2016-05-05 17:13:13 UTC | CC | cbuissar | |
| Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,CWE-346,rhel-7/libndp=affected,fedora-all/libndp=affected | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhel-7/libndp=affected,fedora-all/libndp=affected | ||
| Cedric Buissart | 2016-05-05 17:24:42 UTC | Doc Text | An improper input validation check, and improper origin check flaw during the reception of NDP message was discovered in libndp. An attacker in a non local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man in the middle. | |
| Cedric Buissart | 2016-05-06 12:41:34 UTC | Depends On | 1333797 | |
| Cedric Buissart | 2016-05-06 12:41:39 UTC | Depends On | 1333799 | |
| Cedric Buissart | 2016-05-06 16:48:30 UTC | Whiteboard | impact=moderate,public=no,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhel-7/libndp=affected,fedora-all/libndp=affected | impact=moderate,public=20160517,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhel-7/libndp=affected,fedora-all/libndp=affected |
| Lubomir Rintel | 2016-05-12 14:16:09 UTC | CC | vbenes | |
| QA Contact | vbenes | |||
| Martin Prpič | 2016-05-13 11:42:24 UTC | Doc Text | An improper input validation check, and improper origin check flaw during the reception of NDP message was discovered in libndp. An attacker in a non local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man in the middle. | It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. |
| Cedric Buissart | 2016-05-17 10:03:02 UTC | Summary | EMBARGOED CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages | CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages |
| Cedric Buissart | 2016-05-17 10:03:05 UTC | Group | security | |
| Cedric Buissart | 2016-05-17 10:05:05 UTC | Status | NEW | RELEASE_PENDING |
| Cedric Buissart | 2016-05-17 10:07:48 UTC | Depends On | 1336719 | |
| Adam Mariš | 2016-11-08 15:59:48 UTC | CC | amaris | |
| Product Security DevOps Team | 2019-07-12 13:04:11 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-07-12 13:04:11 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=moderate,public=20160517,reported=20160420,source=researcher,cvss2=5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-20,rhel-7/libndp=affected,fedora-all/libndp=affected |
Back to bug 1329366