[arch-security] [ASA-201605-26] libndp: man-in-the-middle

Levente Polyak anthraxx at archlinux.org
Tue May 24 15:40:08 UTC 2016


Arch Linux Security Advisory ASA-201605-26
==========================================

Severity: Medium
Date    : 2016-05-24
CVE-ID  : CVE-2016-3698
Package : libndp
Type    : man-in-the-middle
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libndp before version 1.6-1 is vulnerable to
man-in-the-middle attacks.

Resolution
==========

Upgrade to 1.6-1.

# pacman -Syu "libndp>=1.6-1"

The problem has been fixed upstream in version 1.6

Workaround
==========

None.

Description
===========

Libndp before version 1.6 does properly validate and check the origin of
Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local
network can exploit this flaw to advertise a node as a router, which
allows them to re-route the traffic through an attacker-controlled node.

Impact
======

A remote unauthenticated attacker is able to send specially crafted
messages to a client and act as a man-in-the-middle between the client
and a server or disrupt client traffic.

References
==========

https://access.redhat.com/security/cve/CVE-2016-3698
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160524/48d98827/attachment.asc>


More information about the arch-security mailing list