Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST)
From: cve-assign@...re.org
To: sd@...asysnail.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, hannes@...essinduktion.org
Subject: Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding

> The Linux kernel is vulnerable to a crash on hosts that accept router
> advertisements. An unlimited number of routes can be created from
> router advertisements.
>
> A remote attacker in the same layer 2 segment can cause a crash from
> memory exhaustion by flooding router advertisements to a target
> machine.
>
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
>
> http://patchwork.ozlabs.org/patch/327515/

Use CVE-2014-2309.

As a side note, this is possibly related to "it seems that Linux is not
affected, you might want to test though as I have only tested this
with a 2.6.x kernel" in the
http://www.openwall.com/lists/oss-security/2012/10/10/8 post.

(By mentioning this, we do not mean that CVE-2014-2309 is a duplicate
of a CVE assignment from October 2012. We only mean that this
c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x
might have been suggested but not tested in 2012.)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]