Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST)
From: cve-assign@...re.org
To: sd@...asysnail.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com,
        hannes@...essinduktion.org
Subject: Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding

> The Linux kernel is vulnerable to a crash on hosts that accept router
> advertisements. An unlimited number of routes can be created from
> router advertisements.
> 
> A remote attacker in the same layer 2 segment can cause a crash from
> memory exhaustion by flooding router advertisements to a target
> machine.
> 
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
> 
> http://patchwork.ozlabs.org/patch/327515/

Use CVE-2014-2309.

As a side note, this is possibly related to "it seems that Linux is
not affected, you might want to test though as I have only tested this
with a 2.6.x kernel" in the
http://www.openwall.com/lists/oss-security/2012/10/10/8 post. (By
mentioning this, we do not mean that CVE-2014-2309 is a duplicate of a
CVE assignment from October 2012. We only mean that this
c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x
might have been suggested but not tested in 2012.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
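
The route growth described in the quoted report can be watched for on the host itself. The following is an added example, not part of the original message or of the kernel fix: it counts routes marked as learned from router advertisements in `/proc/net/ipv6_route`, per interface. The function names, the threshold of 100 and the sample table are assumptions made for illustration.

```python
from collections import Counter

# Flag bit from the kernel's include/uapi/linux/ipv6_route.h: the route was
# installed by IPv6 autoconfiguration, i.e. learned from a router advertisement.
RTF_ADDRCONF = 0x00040000
LIMIT = 100  # assumption: alert threshold chosen for this example only


def ra_routes_by_interface(text):
    """Count RTF_ADDRCONF routes per device in /proc/net/ipv6_route text."""
    counts = Counter()
    for line in text.splitlines():
        # Fields: dst, dst_len, src, src_len, next hop, metric, refcnt,
        # use, flags, device. Malformed lines are skipped.
        fields = line.split()
        if len(fields) != 10:
            continue
        try:
            flags = int(fields[8], 16)
        except ValueError:
            continue
        if flags & RTF_ADDRCONF:
            counts[fields[9]] += 1
    return counts


def interfaces_over_limit(text, limit=LIMIT):
    """Devices whose RA-learned route count exceeds the limit."""
    return sorted(d for d, n in ra_routes_by_interface(text).items() if n > limit)


def _row(dst, plen, flags, dev):
    zero = "0" * 32
    return f"{dst} {plen:02x} {zero} 00 {zero} 00000100 00000001 00000000 {flags:08x} {dev}"


# Constructed sample (not captured from a real host): one static route and two
# RA-learned routes on eth0, then 300 RA-learned prefix routes on eth1.
SAMPLE = "\n".join(
    [_row("20010db8" + "0" * 24, 32, 0x00000001, "eth0"),
     _row("0" * 32, 0, 0x00450003, "eth0"),
     _row("20010db80001" + "0" * 20, 64, 0x004C0001, "eth0")]
    + [_row(f"20010db8{i:08x}" + "0" * 16, 64, 0x004C0001, "eth1") for i in range(1, 301)]
)

if __name__ == "__main__":
    with open("/proc/net/ipv6_route") as fh:
        print(interfaces_over_limit(fh.read()))
```

On hosts that do not need autoconfiguration, setting the `net.ipv6.conf.<interface>.accept_ra` sysctl to 0 stops router advertisements from being accepted at all.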