Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201605-26 ========================================= Severity: Medium Date : 2016-05-24 CVE-ID : CVE-2016-3698 Package : libndp Type : man-in-the-middle Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package libndp before version 1.6-1 is vulnerable to man-in-the-middle attacks. Resolution ========= Upgrade to 1.6-1. # pacman -Syu "libndp>=1.6-1" The problem has been fixed upstream in version 1.6 Workaround ========= None. Description ========== Libndp before version 1.6 does properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network can exploit this flaw to advertise a node as a router, which allows them to re-route the traffic through an attacker-controlled node. Impact ===== A remote unauthenticated attacker is able to send specially crafted messages to a client and act as a man-in-the-middle between the client and a server or disrupt client traffic. References ========= https://access.redhat.com/security/cve/CVE-2016-3698 https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839