Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 545980 (CVE-2015-2924) - <net-misc/networkmanager-1.0.2-r1: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements (CVE-2015-2924)
Summary: <net-misc/networkmanager-1.0.2-r1: denial of service (DoS) attack against IPv...
Status: RESOLVED FIXED
Alias: CVE-2015-2924
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A3 [glsa cve]
Keywords:
Depends on: 549706 549728
Blocks:
  Show dependency tree
 
Reported: 2015-04-08 15:15 UTC by Agostino Sarubbo
Modified: 2015-09-24 17:01 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-04-08 15:15:05 UTC
From ${URL} :

This issue is similar to CVE-2015-2922
This might refer to the code below:

http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/rdisc/nm-lndp-rdisc.c
...
  hop_limit = ndp_msgra_curhoplimit (msgra);
  if (rdisc->hop_limit != hop_limit) {
          rdisc->hop_limit = hop_limit;
          changed |= NM_RDISC_CONFIG_HOP_LIMIT;
...

CVE was assigned here: http://seclists.org/oss-sec/2015/q2/46


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2015-05-06 14:20:11 UTC
http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=nm-1-0 Fixed in NetworkManager 1.0.2
Comment 2 Pacho Ramos gentoo-dev 2015-05-17 07:44:38 UTC
=net-misc/networkmanager-1.0.2 amd64 arm ppc ppc64 x86
=net-misc/networkmanager-openconnect-1.0.2 amd64 x86
=net-misc/networkmanager-openswan-1.0.2 amd64 x86
=net-misc/networkmanager-openvpn-1.0.2 amd64 x86
=net-misc/networkmanager-pptp-1.0.2 amd64 x86
=net-misc/networkmanager-vpnc-1.0.2 amd64 x86

Arches please go ahead
Comment 3 Pacho Ramos gentoo-dev 2015-05-17 14:30:10 UTC
=net-misc/networkmanager-1.0.2 amd64 arm ppc ppc64 x86
=net-misc/networkmanager-openconnect-1.0.2 amd64 x86
=net-misc/networkmanager-openswan-1.0.2 amd64 x86
=net-misc/networkmanager-openvpn-1.0.2 amd64 x86
=net-misc/networkmanager-pptp-1.0.2 amd64 x86
=net-misc/networkmanager-vpnc-1.0.2 amd64 x86
=gnome-extra/nm-applet-1.0.2 amd64 x86
Comment 4 Agostino Sarubbo gentoo-dev 2015-05-17 15:55:15 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-05-17 15:55:55 UTC
x86 stable
Comment 6 Pacho Ramos gentoo-dev 2015-05-17 18:37:08 UTC
Ah, regarding remaining arches... if you want to drop stable keywords for NM it shouldn't be too hard (use.masking "networkmanager" should drop the dep for most stuff)
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2015-05-21 05:38:19 UTC
Stable for PPC64.
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-05-31 13:21:28 UTC
arm stable
Comment 9 Francesco Ferro 2015-06-07 21:28:23 UTC
I encountered exactly the same issue on =net-misc/networkmanager-1.0.2-r1 but I found a workaround that seems work.
As suggested here at section 2:
https://blogs.gnome.org/dcbw/2015/01/19/the-whole-damn-world-takes-effect-to-networkmanager-1-0/
I put this:

[main]
dhcp=internal

into /etc/NetworkManager/NetworkManager.conf and than the problem disappeared.
Comment 10 Agostino Sarubbo gentoo-dev 2015-06-24 09:01:20 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2015-06-30 19:06:45 UTC
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2015-07-06 13:07:09 UTC
CVE-2015-2924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2924):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
  
  ** TEMPORARY **
  An unprivileged user on a local network can use IPv6 Neighbour Discovery
  ICMP to broadcast a non-route with a low hop limit, this causing machines to
  lower the hop limit on existing IPv6 routes in NetworkManager
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2015-08-04 14:35:29 UTC
Ping on cleanup.
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2015-09-08 04:01:12 UTC
Maintainer(s), Thank you for you for cleanup.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2015-09-24 17:01:07 UTC
This issue was resolved and addressed in
 GLSA 201509-05 at https://security.gentoo.org/glsa/201509-05
by GLSA coordinator Kristian Fiskerstrand (K_F).