Bug 1209902 (CVE-2015-2924)
| Summary: | CVE-2015-2924 NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | unspecified | CC: | bgalvani, danw, dcbw, fweimer, jklimes, jrusnack, lrintel, psimerda, rkhan, spider, thaller | ||||
| Target Milestone: | --- | Keywords: | Reopened, Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-11-20 05:18:55 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1209903, 1217090 | ||||||
| Bug Blocks: | 1209904, 1210268 | ||||||
| Attachments: |
|
||||||
|
Description
Vasyl Kaigorodov
2015-04-08 12:39:48 UTC
Created NetworkManager tracking bugs for this issue: Affects: fedora-all [bug 1209903] Created attachment 1012277 [details]
patch only to increase (not decrease) the hop-limit
- /* don't allow unreasonable small values */ + /* don't allow unreasonably small values */ LGTM On current master the patch needs to be rebased after 2316d233e36d, anyway looks OK to me. merged to master: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=bdaaf9849b0cacf131b71fa2ae168f5db796874f nm-1-0: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=6e8c5b51b16c6a60a533ce753bcc54b7e2e703ca (In reply to Thomas Haller from comment #6) > merged to > > master: > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/ > ?id=bdaaf9849b0cacf131b71fa2ae168f5db796874f > > nm-1-0: > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/ > ?id=6e8c5b51b16c6a60a533ce753bcc54b7e2e703ca and nm-0-9-10: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d195edb95a543f7eebbd0a164e8ff3bef599370a This issue doesn't affect NetworkManager on RHEL-6, as NM on RHEL-6 doesn't do RA/SLAAC in userspace. NetworkManager-1.0.2-1.fc22, NetworkManager-openconnect-1.0.2-1.fc22, NetworkManager-vpnc-1.0.2-1.fc22, network-manager-applet-1.0.2-1.fc22, NetworkManager-openvpn-1.0.2-1.fc22, NetworkManager-openswan-1.0.2-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. NetworkManager-0.9.10.2-5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. *** Bug 1199276 has been marked as a duplicate of this bug. *** This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2315 https://rhn.redhat.com/errata/RHSA-2015-2315.html |