Bugzilla – Bug 926223
VUL-2: CVE-2015-2924: NetworkManager: IPv6 Hop limit lowering via RA messages
Last modified: 2020-10-21 09:18:05 UTC
Via oss-sec http://seclists.org/oss-sec/2015/q2/46 An unprivileged user on a local network can use IPv6 Neighbour Discovery ICMP to broadcast a non-route with a low hop limit, this causing machines to lower the hop limit on existing IPv6 routes. Projects impacted: Linux kernel, NetworkManager, FreeBSD Kernel [...] , NetworkManager This might refer to http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/rdisc/nm-lndp-rdisc.c hop_limit = ndp_msgra_curhoplimit (msgra); if (rdisc->hop_limit != hop_limit) { rdisc->hop_limit = hop_limit; changed |= NM_RDISC_CONFIG_HOP_LIMIT; however, the MITRE CVE team is not directly familiar with this part of the NetworkManager code and has not researched any changes to the "rdisc->hop_limit != hop_limit" test. There is apparently no commit available yet at: http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/src/rdisc/nm-lndp-rdisc.c but, again, we don't know whether changes would need to occur there. Use CVE-2015-2924 for the NetworkManager vulnerability. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2924 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2924.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2924
bugbot adjusting priority
Assign to new bugowner
There is already a fix in upstream: master: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=bdaaf9849b0cacf131b71fa2ae168f5db796874f nm-1-0: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=6e8c5b51b16c6a60a533ce753bcc54b7e2e703ca nm-0-9-10: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d195edb95a543f7eebbd0a164e8ff3bef599370a The fix has been included in SLE12 SP2.
The fix has been in SUSE:SLE-12-SP2:Update and SUSE:SLE-15:Update. For SUSE:SLE-11-SP1:Update and SUSE:SLE-11-SP2:Update, this CVE doesn't apply to those two projects.
Done