Bug 1267714 - (CVE-2015-5293) CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, interface still gets IPv6 address
CVE-2015-5293 RHEV: When "boot protocol" is set to None on an interface, inte...
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20150930,reported=2...
: Security
: 1265991 (view as bug list)
Depends On: 1265991 1267715
Blocks: 1266437
  Show dependency treegraph
 
Reported: 2015-09-30 14:40 EDT by Kurt Seifried
Modified: 2015-12-17 11:49 EST (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-17 11:49:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2015-09-30 14:40:01 EDT
It is reported that when a bridge device is set up with "None" for the boot 
protocol on a network with working IPv6 stateless configuration the host will
receieve a valid SLAAC IPv6 address. This could result in a system being 
reachable via IPv6 when it is not intended to be.
Comment 2 Kurt Seifried 2015-09-30 14:48:40 EDT
*** Bug 1265991 has been marked as a duplicate of this bug. ***
Comment 4 Kurt Seifried 2015-12-17 11:49:05 EST
Workaround:

Firewall IPv6 on hosts to prevent network availability.
Comment 5 Kurt Seifried 2015-12-17 11:49:24 EST
Statement:

This issue affects the versions of vdsm as shipped in Red Hat Enterprise Virtualization 3.x. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Note You need to log in before you can comment on or make changes to this bug.