Date: Tue, 29 Jul 2014 22:09:23 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-3554: libndp buffer overflow

Good morning,

The below was previously sent to the distros list. A patch is available from
https://bugzilla.redhat.com/attachment.cgi?id=917255

libndp (libndp.org) provides a library for the IPv6 Neighbor Discovery
Protocol. Andrew Ayer discovered a buffer overflow flaw in the
ndp_msg_opt_dnssl_domain() function when handling the DNS Search List
(DNSSL) in IPv6 router advertisements. A malicious router or
man-in-the-middle attacker could use this flaw to cause an application
using libndp to crash or, potentially, execute arbitrary code.
(CVE-2014-3554)

Please credit Andrew Ayer with the discovery.

Cheers,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=1118583
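
Added example, not part of the original message and neither libndp's code nor the referenced patch: a bounds-checked decoder for the DNSSL option wire format (RFC 6106, names encoded as RFC 1035 labels), showing the checks on both the received option and the caller's output buffer that a parser for this option needs. The helper name dnssl_get_domain and the sample option bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNSSL_TYPE 31   /* RFC 6106 DNSSL option type */
#define DNSSL_HDR  8    /* type, length, reserved (2), lifetime (4) */
#define MAX_LABEL  63   /* RFC 1035 label length limit */

/* Constructed sample option: "example.com", "lab.test", one pad byte. */
static const uint8_t sample_opt[32] = {
    DNSSL_TYPE, 4, 0, 0, 0, 0, 0x0e, 0x10,
    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0,
    3, 'l','a','b', 4, 't','e','s','t', 0, 0 };

/* Hypothetical helper (not a libndp function): copy search domain number idx
 * into out as a NUL-terminated dotted name. Returns its length, 0 when there
 * is no such domain, -1 when the option is malformed or out is too small. */
int dnssl_get_domain(const uint8_t *opt, size_t avail, int idx,
                     char *out, size_t out_len)
{
    if (!out || out_len == 0 || avail < DNSSL_HDR || opt[0] != DNSSL_TYPE)
        return -1;
    size_t opt_len = (size_t)opt[1] * 8;  /* length is in 8-octet units */
    if (opt_len < DNSSL_HDR || opt_len > avail)
        return -1;                        /* claims more than was received */
    size_t pos = DNSSL_HDR, used = 0;
    int cur = 0, in_name = 0;
    while (pos < opt_len) {
        size_t llen = opt[pos++];
        if (llen == 0) {                  /* end of a name, or padding */
            if (!in_name) return 0;
            if (cur == idx) { out[used] = '\0'; return (int)used; }
            cur++; in_name = 0;
            continue;
        }
        if (llen > MAX_LABEL || llen > opt_len - pos)
            return -1;                    /* label runs past the option */
        if (cur == idx) {
            size_t need = llen + (used ? 1 : 0);   /* label plus '.' */
            if (need >= out_len - used) return -1; /* keep room for NUL */
            if (used) out[used++] = '.';
            memcpy(out + used, opt + pos, llen);
            used += llen;
        }
        in_name = 1;
        pos += llen;
    }
    return in_name ? -1 : 0;              /* unterminated name is malformed */
}
```

Every length taken from the packet is compared against what remains of the option before it is used, and every write is compared against what remains of the output buffer.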