ArchLinux: 201605-26: libndp: man-in-the-middle
Summary
Libndp before version 1.6 does not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network can exploit this flaw to advertise a node as a router, which allows them to re-route traffic through an attacker-controlled node.
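The origin checks that RFC 4861 requires of an NDP receiver, shown as an added example that is not libndp's code and not part of this advisory: a hop limit of 255 shows the packet was not forwarded by a router, and Router Advertisements and Redirects must also come from a link-local source. The function names are hypothetical, and the receiving socket is assumed to have `IPV6_RECVHOPLIMIT` enabled.

```c
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: hop limit from recvmsg() ancillary data, -1 if absent. */
int ndp_hoplimit_from_cmsg(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IPV6 && c->cmsg_type == IPV6_HOPLIMIT &&
            c->cmsg_len >= CMSG_LEN(sizeof(int))) {
            int hl;
            memcpy(&hl, CMSG_DATA(c), sizeof(hl));
            return hl;
        }
    }
    return -1;
}

/* Hypothetical helper: accept an NDP message only if it provably came from
 * the local link. Routers decrement the hop limit, so 255 means "not forwarded". */
bool ndp_origin_ok(uint8_t icmp6_type, int hoplimit, const struct in6_addr *src)
{
    if (hoplimit != 255)
        return false;           /* also rejects -1 (hop limit unknown) */
    switch (icmp6_type) {
    case ND_ROUTER_SOLICIT:
    case ND_NEIGHBOR_SOLICIT:   /* source may be :: during address detection */
    case ND_NEIGHBOR_ADVERT:
        return true;
    case ND_ROUTER_ADVERT:
    case ND_REDIRECT:           /* must be sent from a link-local address */
        return IN6_IS_ADDR_LINKLOCAL(src);
    default:
        return false;           /* not an NDP message type */
    }
}

int main(void)
{
    struct in6_addr src;        /* constructed sample: off-link global source */
    inet_pton(AF_INET6, "2001:db8::1", &src);
    puts(ndp_origin_ok(ND_ROUTER_ADVERT, 64, &src) ? "accept" : "drop");
}
```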
Resolution
Upgrade to 1.6-1.
# pacman -Syu "libndp>=1.6-1"
The problem has been fixed upstream in version 1.6.
References
https://access.redhat.com/security/cve/CVE-2016-3698
https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
Workaround
None.