Описание
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 6 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 7 | ModemManager | Fixed | RHSA-2015:2315 | 19.11.2015 |
| Red Hat Enterprise Linux 7 | NetworkManager | Fixed | RHSA-2015:2315 | 19.11.2015 |
| Red Hat Enterprise Linux 7 | network-manager-applet | Fixed | RHSA-2015:2315 | 19.11.2015 |
| Red Hat Enterprise Linux 7 | NetworkManager-libreswan | Fixed | RHSA-2015:2315 | 19.11.2015 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS2
Связанные уязвимости
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Disco ...
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
ELSA-2015-2315: NetworkManager security, bug fix, and enhancement update (MODERATE)
3.3 Low
CVSS2