Bugzilla – Bug 979645
VUL-0: CVE-2016-3698: libndp: improper input validation check
Last modified: 2020-04-23 12:03:22 UTC
bugbot adjusting priority
was made public.

From: Cedric Buissart <cbuissar@redhat.com>
Subject: [oss-security] RHSA-2016:1086 libndp: denial of service due to insufficient validation of source of NDP messages

Dear all,

An improper input validation check, and improper origin check flaw during the reception of NDP message was discovered in libndp. An attacker in a non local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man in the middle.

The patches enforce that hop limit must be 255, to ensure that the NDP message has not been routed.

Patches can be found upstream:
- libndp: validate the IPv6 hop limit
  https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
- libndp: reject redirect and router advertisements from non-link-local
  https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839

https://people.freedesktop.org/~lkundrak/.libndp/

Known affected packages:
NetworkManager >= 1.0

Thanks to Julien Bernard (Viagénie) for discovering the issue

Kind regards,

--
Cedric Buissart
Purkynova 99
Brno 612 45
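The two checks named in the advisory (hop limit must be 255; router advertisements and redirects must come from a link-local source), as an added example that is not libndp's patch and not part of the original bug report. The names cmsg_hoplimit, ndp_accept and check are hypothetical, and the addresses and ancillary data are constructed; the receiving socket is assumed to have IPV6_RECVHOPLIMIT enabled.

```c
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Hop limit from recvmsg() ancillary data (needs IPV6_RECVHOPLIMIT); -1 if none. */
static int cmsg_hoplimit(struct msghdr *mh)
{
    int hl;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(mh); c; c = CMSG_NXTHDR(mh, c)) {
        if (c->cmsg_level != IPPROTO_IPV6 || c->cmsg_type != IPV6_HOPLIMIT ||
            c->cmsg_len < CMSG_LEN(sizeof(hl)))
            continue;
        memcpy(&hl, CMSG_DATA(c), sizeof(hl));
        return hl;
    }
    return -1;
}

/* 1 = process the NDP message, 0 = drop it. */
static int ndp_accept(struct msghdr *mh, const struct in6_addr *src, int type)
{
    if (cmsg_hoplimit(mh) != 255)      /* routed, or hop limit unknown */
        return 0;
    if ((type == ND_ROUTER_ADVERT || type == ND_REDIRECT) &&
        !IN6_IS_ADDR_LINKLOCAL(src))   /* source must be in fe80::/10 */
        return 0;
    return 1;
}

/* Demo helper: constructed ancillary data (none when hoplimit < 0). */
static int check(const char *src_text, int hoplimit, int type)
{
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl = {{0}};
    struct msghdr mh = {0};
    struct in6_addr src;
    if (hoplimit >= 0) {
        mh.msg_control = ctl.buf;
        mh.msg_controllen = sizeof(ctl.buf);
        struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
        c->cmsg_level = IPPROTO_IPV6;
        c->cmsg_type = IPV6_HOPLIMIT;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &hoplimit, sizeof(hoplimit));
    }
    return inet_pton(AF_INET6, src_text, &src) == 1 && ndp_accept(&mh, &src, type);
}

int main(void) { return check("fe80::1", 255, ND_ROUTER_ADVERT) ? 0 : 1; }
```

A message with no hop-limit ancillary data is dropped rather than accepted, so a socket that was never configured to deliver it fails closed.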
Ismael, please check if SLES 12 SP2 is fixed
Maintainer in openSUSE is Dimstar
This is an autogenerated message for OBS integration: This bug (979645) was mentioned in https://build.opensuse.org/request/show/402452 Factory / libndp
SLE12 SP2 is already fixed, I sent an SR (#116647) to sync the changelogs.
Done