List: oss-security
Subject: [oss-security] CVE-2014-3554: libndp buffer overflow
From: Murray McAllister <mmcallis () redhat ! com>
Date: 2014-07-29 12:09:23
Message-ID: 53D78EF3.9000709 () redhat ! com
Good morning,

The below was previously sent to the distros list. A patch is available
from https://bugzilla.redhat.com/attachment.cgi?id=917255

libndp (libndp.org) provides a library for the IPv6 Neighbor Discovery
Protocol. Andrew Ayer discovered a buffer overflow flaw in the
ndp_msg_opt_dnssl_domain() function when handling the DNS Search List
(DNSSL) in IPv6 router advertisements. A malicious router or
man-in-the-middle attacker could use this flaw to cause an application
using libndp to crash or, potentially, execute arbitrary code.
(CVE-2014-3554)

Please credit Andrew Ayer with the discovery.

Cheers,

--
Murray McAllister / Red Hat Product Security

https://bugzilla.redhat.com/show_bug.cgi?id=1118583
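
An added example, not part of the original message and not libndp's code or its patch: a bounds-checked decoder for the domain-name field of a DNSSL option, showing the two checks this kind of parser needs (label length against remaining input, and decoded length against the output buffer). The function name `dnssl_domain`, its signature and the sample bytes are assumptions made for illustration; the encoding assumed is the RFC 6106 one (length-prefixed labels, a zero byte ending each name, zero padding).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: "example.com", "lab.example.org", then zero padding. */
static const uint8_t sample[] = {
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    3,'l','a','b', 7,'e','x','a','m','p','l','e', 3,'o','r','g', 0,
    0, 0
};

/* Hypothetical helper: write the index-th domain of the field p[0..len)
 * to out as a dotted string. Returns its length, or -1 if the name is
 * absent, malformed, or does not fit in out_size bytes. */
int dnssl_domain(const uint8_t *p, size_t len, int index,
                 char *out, size_t out_size)
{
    for (int cur = 0; len > 0; cur++) {
        size_t used = 0;              /* decoded bytes so far, dots included */

        for (;;) {
            if (len == 0)
                return -1;            /* name has no terminating zero */
            size_t lab = *p++;
            len--;
            if (lab == 0)
                break;                /* end of this name */
            if (lab > 63 || lab > len)
                return -1;            /* label runs past the input */
            if (cur == index) {
                if (used + lab + 1 > out_size)
                    return -1;        /* label + dot/NUL would overflow out */
                memcpy(out + used, p, lab);
                out[used + lab] = '.';
            }
            used += lab + 1;
            p += lab;
            len -= lab;
        }
        if (used == 0)
            return -1;                /* only padding remains */
        if (cur == index) {
            out[used - 1] = '\0';     /* trailing dot becomes the NUL */
            return (int)(used - 1);
        }
    }
    return -1;
}
```
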