It was reported [1] that it's possible to craft a Router Advertisement message which will bring the receiver in a state where new IPv6 connections will not be accepted until correct Router Advertisement message received. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1183051#c3
Hi Vasyl The referenced other report seems restricted. Is there any more information you can share on CVE-2015-0272 (e.g. affected versions, fixing commit)? Regards, Salvatore
Created NetworkManager tracking bugs for this issue: Affects: fedora-all [bug 1260931]
It was discovered that NetworkManager would set device MTUs based on the MTU values received in IPv6 RAs (Router Advertisements), without checking the MTU value for sanity first. A remote attacker could exploit this attack to disturb IPv6 communication by sending a specially crafted IPv6 RA packet. NetworkManager patch: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 There's also a patch for the kernel to harden against invalid MTUs (the file to set the MTU is root owned, though): http://article.gmane.org/gmane.linux.network/351269
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2315 https://rhn.redhat.com/errata/RHSA-2015-2315.html