Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST)
From: cve-assign@...re.org
To: sd@...asysnail.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com,
        hannes@...essinduktion.org
Subject: Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The Linux kernel is vulnerable to a crash on hosts that accept router
> advertisements. An unlimited number of routes can be created from
> router advertisements.
> 
> A remote attacker in the same layer 2 segment can cause a crash from
> memory exhaustion by flooding router advertisements to a target
> machine.
> 
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
> 
> http://patchwork.ozlabs.org/patch/327515/

Use CVE-2014-2309.

As a side note, this is possibly related to "it seems that Linux is
not affected, you might want to test though as I have only tested this
with a 2.6.x kernel" in the
http://www.openwall.com/lists/oss-security/2012/10/10/8 post. (By
mentioning this, we do not mean that CVE-2014-2309 is a duplicate of a
CVE assignment from October 2012. We only mean that this
c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x
might have been suggested but not tested in 2012.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
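
A defensive check for the condition described in the quoted report (routes created without bound from router advertisements), as an added example that is not part of the original message or of the kernel patch: it counts RA-installed routes per interface from text in `/proc/net/ipv6_route` layout. The sample rows, the helper names and the alert limit are constructed assumptions.

```python
from collections import Counter

# rt6i_flags bits from include/uapi/linux/ipv6_route.h
RTF_UP, RTF_GATEWAY = 0x0001, 0x0002
RTF_DEFAULT = 0x00010000    # default route learned from an RA
RTF_ADDRCONF = 0x00040000   # set on every route installed from an RA
RTF_PREFIX_RT = 0x00080000  # on-link prefix from a Prefix Information option
RTF_EXPIRES = 0x00400000    # route carries a lifetime

ZERO = "0" * 32
RA_GW = "fe80000000000000020000fffe000001"  # constructed link-local next hop

def row(dst, plen, nexthop, flags, dev):
    """Build one constructed line: dst plen src splen nexthop metric refcnt use flags dev."""
    return "%s %02x %s 00 %s 00000400 00000001 00000000 %08x %8s" % (
        dst, plen, ZERO, nexthop, flags, dev)

RA = RTF_UP | RTF_ADDRCONF | RTF_EXPIRES
SAMPLE = "\n".join([  # constructed sample, not captured from a real host
    row("0" * 31 + "1", 128, ZERO, 0x80200001, "lo"),
    row("fe80" + "0" * 28, 64, ZERO, RTF_UP, "eth0"),
    row(ZERO, 0, RA_GW, RA | RTF_GATEWAY | RTF_DEFAULT, "eth0"),
    row("20010db800010000" + "0" * 16, 64, ZERO, RA | RTF_PREFIX_RT, "eth0"),
    row("20010db800020000" + "0" * 16, 64, ZERO, RA | RTF_PREFIX_RT, "eth0"),
])

def parse_routes(text):
    """Parse /proc/net/ipv6_route text; malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10:
            continue
        routes.append({"dst": f[0], "plen": int(f[1], 16), "nexthop": f[4],
                       "flags": int(f[8], 16), "dev": f[9]})
    return routes

def ra_routes_per_dev(routes):
    """Count routes per interface that carry RTF_ADDRCONF."""
    return Counter(r["dev"] for r in routes if r["flags"] & RTF_ADDRCONF)

def over_limit(counts, limit):
    """Interfaces whose RA-installed route count exceeds the (hypothetical) limit."""
    return sorted(dev for dev, n in counts.items() if n > limit)

if __name__ == "__main__":
    counts = ra_routes_per_dev(parse_routes(SAMPLE))
    print(dict(counts), "over limit:", over_limit(counts, limit=2))
```

On a live host, pass the contents of `/proc/net/ipv6_route` to `parse_routes` and choose a limit that fits the number of routers and prefixes expected on the segment.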
