Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 29 Jul 2014 22:09:23 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3554: libndp buffer overflow

Good morning,

The below was previously sent to the distros list. A patch is available 
from https://bugzilla.redhat.com/attachment.cgi?id=917255

libndp (libndp.org) provides a library for the IPv6 Neighbor Discovery 
Protocol. Andrew Ayer discovered a buffer overflow flaw in the 
ndp_msg_opt_dnssl_domain() function when handling the DNS Search List 
(DNSSL) in IPv6 router advertisements. A malicious router or 
man-in-the-middle attacker could use this flaw to cause an application 
using libndp to crash or, potentially, execute arbitrary code. 
(CVE-2014-3554)

Please credit Andrew Ayer with the discovery.

Cheers,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=1118583

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.