Bug 1267714 (CVE-2015-5293) - CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, interface still gets IPv6 address
Summary: CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, inte...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-5293
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1265991 (view as bug list)
Depends On: 1265991 1267715
Blocks: 1266437
TreeView+ depends on / blocked
 
Reported: 2015-09-30 18:40 UTC by Kurt Seifried
Modified: 2021-02-17 04:53 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-17 16:49:24 UTC
Embargoed:

Attachments (Terms of Use)

Description Kurt Seifried 2015-09-30 18:40:01 UTC 
It is reported that when a bridge device is set up with "None" for the boot 
protocol on a network with working IPv6 stateless configuration the host will
receieve a valid SLAAC IPv6 address. This could result in a system being 
reachable via IPv6 when it is not intended to be.
Comment 2 Kurt Seifried 2015-09-30 18:48:40 UTC 
*** Bug 1265991 has been marked as a duplicate of this bug. ***
Comment 4 Kurt Seifried 2015-12-17 16:49:05 UTC 
Workaround:

Firewall IPv6 on hosts to prevent network availability.
Comment 5 Kurt Seifried 2015-12-17 16:49:24 UTC 
Statement:

This issue affects the versions of vdsm as shipped in Red Hat Enterprise Virtualization 3.x. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Note You need to log in before you can comment on or make changes to this bug.