Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Sabrina Dubroca <sd-y1jBWg8GRStKuXlAQpz2QA <at> public.gmane.org>
Subject: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding
Newsgroups: gmane.comp.security.oss.general
Date: Friday 7th March 2014 12:45:10 UTC (over 2 years ago)
The Linux kernel is vulnerable to a crash on hosts that accept router
advertisements. An unlimited number of routes can be created from
router advertisements.

A remote attacker in the same layer 2 segment can cause a crash from
memory exhaustion by flooding router advertisements to a target
machine.

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39

The patch is pending for stable.
http://patchwork.ozlabs.org/patch/327515/

Introduced by:
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0

This commit appeared in 3.0.


Thanks,

-- 
Sabrina Dubroca
 
CD: 4ms