Bug 1329366 (CVE-2016-3698)
Summary: | CVE-2016-3698 libndp: denial of service due to insufficient validation of source of NDP messages | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Lubomir Rintel <lrintel> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Vladimir Benes <vbenes> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | cbuissar, dcbw, lrintel, rkhan, security-response-team, vbenes | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: |
It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2019-07-12 13:04:11 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 1333797, 1333799, 1336719 | ||||||||
Bug Blocks: | 1329557 | ||||||||
Attachments: |
|
Description
Lubomir Rintel
2016-04-21 18:28:43 UTC
Created attachment 1149527 [details]
Patch 1/2
Created attachment 1149528 [details]
Patch 2/2
Could the security response team get a CVE for this so we can more easily coordinate the fixes with other distros? (In reply to Dan Williams from comment #3) > Could the security response team get a CVE for this so we can more easily > coordinate the fixes with other distros? CVE-2016-3698 Acknowledgments: Name: Julien Bernard (Viagénie) Created libndp tracking bugs for this issue: Affects: fedora-all [bug 1336719] Unembargoing, based on public date This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1086 https://rhn.redhat.com/errata/RHSA-2016-1086.html Upstream commits : - libndp: validate the IPv6 hop limit https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f - libndb: reject redirect and router advertisements from non-link-local https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-3698 |