Date: Tue, 29 Jul 2014 22:09:23 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3554: libndp buffer overflow

Good morning,

The below was previously sent to the distros list. A patch is available 
from https://bugzilla.redhat.com/attachment.cgi?id=917255

libndp (libndp.org) provides a library for the IPv6 Neighbor Discovery 
Protocol. Andrew Ayer discovered a buffer overflow flaw in the 
ndp_msg_opt_dnssl_domain() function when handling the DNS Search List 
(DNSSL) in IPv6 router advertisements. A malicious router or 
man-in-the-middle attacker could use this flaw to cause an application 
using libndp to crash or, potentially, execute arbitrary code. 
(CVE-2014-3554)

Please credit Andrew Ayer with the discovery.

Cheers,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=1118583
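
Added example, not part of the original message and not libndp's code or the referenced patch: a bounds-checked decoder for one domain of a DNSSL option, showing the checks a parser for this data needs on both the option length and the output buffer. It assumes the RFC 6106 DNSSL layout (8-byte header followed by uncompressed DNS label sequences and zero padding); the function name, constant and sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNSSL_HDR 8 /* type, length, reserved(2), lifetime(4): assumed RFC 6106 layout */
/* Hypothetical helper: copy the index-th domain into out; returns its length or -1. */
int dnssl_domain(const uint8_t *opt, size_t opt_len, int index,
                 char *out, size_t out_size)
{
    size_t pos = DNSSL_HDR, used;
    if (opt_len < DNSSL_HDR || out_size == 0 || index < 0)
        return -1;
    for (int cur = 0; pos < opt_len && opt[pos] != 0; cur++) {
        for (used = 0;;) {
            if (pos >= opt_len)
                return -1;              /* name runs past the end of the option */
            size_t llen = opt[pos++];
            if (llen == 0)
                break;                  /* root label terminates this name */
            if (llen > 63 || llen > opt_len - pos)
                return -1;              /* compression bits set, or label truncated */
            if (cur == index) {
                if (llen + (used ? 1 : 0) >= out_size - used)
                    return -1;          /* no room for dot, label and final NUL */
                if (used)
                    out[used++] = '.';
                memcpy(out + used, opt + pos, llen);
                used += llen;
            }
            pos += llen;
        }
        if (cur == index) {
            out[used] = '\0';
            return (int)used;
        }
    }
    return -1;                          /* only zero padding left: no such index */
}

static const uint8_t sample_ok[24] = { 31, 3, 0, 0, 0, 0, 0, 60,
    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0 };  /* constructed, valid */
static const uint8_t sample_bad[16] = { 31, 2, 0, 0, 0, 0, 0, 60,
    63, 'a', 'b', 'c' };  /* constructed: label claims 63 bytes, 7 remain */

int main(void)
{
    char buf[64];
    printf("%d\n", dnssl_domain(sample_ok, sizeof sample_ok, 0, buf, sizeof buf));
    printf("%d\n", dnssl_domain(sample_bad, sizeof sample_bad, 0, buf, sizeof buf));
    return 0;
}
```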
