List:       oss-security
Subject:    [oss-security] CVE-2014-3554: libndp buffer overflow
From:       Murray McAllister <mmcallis () redhat ! com>
Date:       2014-07-29 12:09:23
Message-ID: 53D78EF3.9000709 () redhat ! com

Good morning,

The below was previously sent to the distros list. A patch is available 
from https://bugzilla.redhat.com/attachment.cgi?id=917255

libndp (libndp.org) provides a library for the IPv6 Neighbor Discovery 
Protocol. Andrew Ayer discovered a buffer overflow flaw in the 
ndp_msg_opt_dnssl_domain() function when handling the DNS Search List 
(DNSSL) in IPv6 router advertisements. A malicious router or 
man-in-the-middle attacker could use this flaw to cause an application 
using libndp to crash or, potentially, execute arbitrary code. 
(CVE-2014-3554)

Please credit Andrew Ayer with the discovery.

Cheers,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=1118583
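
Added example, not part of the original message and not libndp's code: a bounds-checked decoder for one domain name in a DNSSL option payload (length-prefixed labels ended by a zero byte), showing the input-length and output-length checks a parser for this data needs. The function name, buffer sizes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one domain name (length-prefixed labels, ended by a zero byte)
 * from a DNSSL option payload into a dotted string. Hypothetical helper,
 * not libndp's API. Returns bytes consumed from `in`, or -1 if the name is
 * malformed, runs past the payload, or does not fit in `out`. */
int dnssl_decode_name(const uint8_t *in, size_t in_len,
                      char *out, size_t out_len)
{
    size_t ip = 0, op = 0;

    if (out_len == 0)
        return -1;
    for (;;) {
        if (ip >= in_len)
            return -1;          /* no terminating zero inside the payload */
        uint8_t llen = in[ip++];
        if (llen == 0)
            break;              /* end of name */
        if (llen > 63 || llen > in_len - ip)
            return -1;          /* invalid label, or label past the option */
        /* room for an optional '.', the label, and the final NUL? */
        if (llen + (op ? 1u : 0u) + 1u > out_len - op)
            return -1;          /* would overflow the output buffer */
        if (op)
            out[op++] = '.';
        memcpy(out + op, in + ip, llen);
        op += llen;
        ip += llen;
    }
    out[op] = '\0';
    return (int)ip;
}

/* Constructed samples: "example.com", and a label claiming 40 bytes of 3. */
static const uint8_t sample_ok[] = {7,'e','x','a','m','p','l','e',3,'c','o','m',0};
static const uint8_t sample_bad[] = {40, 'a', 'b', 'c'};

int main(void)
{
    char name[256];
    int n = dnssl_decode_name(sample_ok, sizeof sample_ok, name, sizeof name);
    printf("ok:  %d bytes, \"%s\"\n", n, n < 0 ? "" : name);
    n = dnssl_decode_name(sample_bad, sizeof sample_bad, name, sizeof name);
    printf("bad: %d\n", n);
    return 0;
}
```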