|
Message-Id: <201403080023.s280NK6C011315@linus.mitre.org> Date: Fri, 7 Mar 2014 19:23:20 -0500 (EST) From: cve-assign@...re.org To: sd@...asysnail.net Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, hannes@...essinduktion.org Subject: Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > The Linux kernel is vulnerable to a crash on hosts that accept router > advertisements. An unlimited number of routes can be created from > router advertisements. > > A remote attacker in the same layer 2 segment can cause a crash from > memory exhaustion by flooding router advertisements to a target > machine. > > https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39 > > http://patchwork.ozlabs.org/patch/327515/ Use CVE-2014-2309. As a side note, this is possibly related to "it seems that Linux is not affected, you might want to test though as I have only tested this with a 2.6.x kernel" in the http://www.openwall.com/lists/oss-security/2012/10/10/8 post. (By mentioning this, we do not mean that CVE-2014-2309 is a duplicate of a CVE assignment from October 2012. We only mean that this c88507fbad8055297c1d1e21e599f46960cbee39 issue in the Linux kernel 3.x might have been suggested but not tested in 2012.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTGmF9AAoJEKllVAevmvms3SEH/1o5RaRem6lv7ee3SLdXL5br oW9Ze4kXzWweXE3MqHNZk0J4AOPbn5/NbcFN+PJPQeY9ocTUOKqHogWLXXyZAFpf bLAAOc7TDti0D9gy6JdPlg/hdPeo/65yZG20xrnJlHNMjvsQhOd3Hw+ib/9QSW8p tnJK3iAfVvfWNZeby/1efxWSfEqKAhD3SCAhIIOK1UCBOPhsqcKt0s6UM7+/CTQI cJxX58mDD/h4waE3yejrGioP30sYXzvg3V7CO6r+OJEiz7rtfHUVKjaHR1Yy0ZX9 b75QApdmGWrArhrsJo0Gomn0spIXHvBZjuuC6wpj8K6G6/eeSBZk3CUHAo5jfdM= =rnx+ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.