| Summary: | <net-misc/networkmanager-1.0.2-r1: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements (CVE-2015-2924) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | gnome, skullbocks |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1209902 | ||
| Whiteboard: | A3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 549706, 549728 | ||
| Bug Blocks: | |||
http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=nm-1-0 Fixed in NetworkManager 1.0.2 =net-misc/networkmanager-1.0.2 amd64 arm ppc ppc64 x86 =net-misc/networkmanager-openconnect-1.0.2 amd64 x86 =net-misc/networkmanager-openswan-1.0.2 amd64 x86 =net-misc/networkmanager-openvpn-1.0.2 amd64 x86 =net-misc/networkmanager-pptp-1.0.2 amd64 x86 =net-misc/networkmanager-vpnc-1.0.2 amd64 x86 Arches please go ahead =net-misc/networkmanager-1.0.2 amd64 arm ppc ppc64 x86 =net-misc/networkmanager-openconnect-1.0.2 amd64 x86 =net-misc/networkmanager-openswan-1.0.2 amd64 x86 =net-misc/networkmanager-openvpn-1.0.2 amd64 x86 =net-misc/networkmanager-pptp-1.0.2 amd64 x86 =net-misc/networkmanager-vpnc-1.0.2 amd64 x86 =gnome-extra/nm-applet-1.0.2 amd64 x86 amd64 stable x86 stable Ah, regarding remaining arches... if you want to drop stable keywords for NM it shouldn't be too hard (use.masking "networkmanager" should drop the dep for most stuff) Stable for PPC64. arm stable I encountered exactly the same issue on =net-misc/networkmanager-1.0.2-r1 but I found a workaround that seems work. As suggested here at section 2: https://blogs.gnome.org/dcbw/2015/01/19/the-whole-damn-world-takes-effect-to-networkmanager-1-0/ I put this: [main] dhcp=internal into /etc/NetworkManager/NetworkManager.conf and than the problem disappeared. ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s). CVE-2015-2924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2924): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. ** TEMPORARY ** An unprivileged user on a local network can use IPv6 Neighbour Discovery ICMP to broadcast a non-route with a low hop limit, this causing machines to lower the hop limit on existing IPv6 routes in NetworkManager Ping on cleanup. Maintainer(s), Thank you for you for cleanup. This issue was resolved and addressed in GLSA 201509-05 at https://security.gentoo.org/glsa/201509-05 by GLSA coordinator Kristian Fiskerstrand (K_F). |
From ${URL} : This issue is similar to CVE-2015-2922 This might refer to the code below: http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/rdisc/nm-lndp-rdisc.c ... hop_limit = ndp_msgra_curhoplimit (msgra); if (rdisc->hop_limit != hop_limit) { rdisc->hop_limit = hop_limit; changed |= NM_RDISC_CONFIG_HOP_LIMIT; ... CVE was assigned here: http://seclists.org/oss-sec/2015/q2/46 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.