Debian: DSA-2323-1: radvd security update

    Date: 28 Oct 2011
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2323-1
    http://www.debian.org/security/                         Yves-Alexis Perez
    October 26, 2011                       http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : radvd
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605
    Debian Bug     : 644614
    
    Multiple security issues were discovered by Vasiliy Kulikov in radvd, an 
    IPv6 Router Advertisement daemon:
    
    CVE-2011-3602
    
       The set_interface_var() function doesn't check the interface name, which is
       chosen by an unprivileged user. This could lead to an arbitrary file
       overwrite if the attacker has local access, or to overwrites of specific
       files otherwise.
    
    CVE-2011-3604
    
       The process_ra() function lacks multiple buffer length checks, which could
       lead to memory reads outside the stack, causing a crash of the daemon.
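    The missing checks in this class of bug are on the option headers that follow the fixed Router Advertisement header: each ICMPv6 Neighbor Discovery option carries a type byte and a length byte in units of 8 octets (RFC 4861), and a parser must confirm that the two header bytes are present and that the declared length is non-zero and fits in the bytes actually received before reading any field. The block below is an added example written for this page, not radvd's process_ra() or the Debian fix; the packet bytes are constructed for the example.

```c
/* Added example (not radvd's code): a length-checked walk over the options
 * that follow an ICMPv6 Router Advertisement header (RFC 4861). Every option
 * is type(1), length(1, in units of 8 octets), body. A zero length or an
 * option that runs past the received buffer is rejected before any field is
 * read, so no read can leave the buffer. Sample packets are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ICMPv6 header (4) + hop limit/flags/router lifetime (4) + reachable time (4)
 * + retrans timer (4) */
#define ND_RA_HDR_LEN 16u
#define ND_RA_TYPE 134u

/* Walks the options in buf[0..len). Returns the number of well-formed
 * options, or -1 if the RA header is short, an option header is truncated,
 * an option has length 0, or an option extends beyond len. */
int count_ra_options(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < ND_RA_HDR_LEN || buf[0] != ND_RA_TYPE)
        return -1;
    size_t off = ND_RA_HDR_LEN;
    int count = 0;
    while (off < len) {
        if (len - off < 2)                 /* need type and length bytes first */
            return -1;
        size_t optlen = (size_t)buf[off + 1] * 8;
        if (optlen == 0)                   /* RFC 4861 4.6: length 0 is invalid */
            return -1;
        if (optlen > len - off)            /* option claims more than received */
            return -1;
        off += optlen;
        count++;
    }
    return count;
}

/* Constructed: RA header (16) + source link-layer address option (8) +
 * prefix information option (32) = 56 bytes. */
static const uint8_t good_ra[56] = {
    134, 0, 0, 0,  64, 0, 0x07, 0x08,  0, 0, 0, 0,  0, 0, 0, 0,
    1, 1, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    3, 4, 64, 0xc0,  0xff, 0xff, 0xff, 0xff,  0xff, 0xff, 0xff, 0xff,  0, 0, 0, 0,
    0x20, 0x01, 0x0d, 0xb8,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,
};

/* Constructed: same header followed by an option with length 0. */
static const uint8_t zero_len_ra[24] = {
    134, 0, 0, 0,  64, 0, 0x07, 0x08,  0, 0, 0, 0,  0, 0, 0, 0,
    1, 0, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
};

int main(void)
{
    printf("complete RA:   %d options\n", count_ra_options(good_ra, sizeof good_ra));
    printf("truncated RA:  %d\n", count_ra_options(good_ra, 40));
    printf("zero-length:   %d\n", count_ra_options(zero_len_ra, sizeof zero_len_ra));
    return 0;
}
```

Passing the same well-formed packet with a shorter len models the daemon receiving fewer bytes than an option claims; the walker returns -1 instead of reading the remainder of the prefix option from whatever follows the buffer on the stack.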
    
    CVE-2011-3605
    
       The process_rs() function calls mdelay() (a function to wait for a defined
       time) unconditionally when running in unicast-only mode. As this call
       is in the main thread, that means all request processing is delayed (for
       a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacker could
       flood the daemon with router solicitations in order to fill the input
       queue, causing a temporary denial of service (processing would be
       stopped during all the mdelay() calls).
       Note: upstream and Debian default is to use anycast mode.
    
    
    For the oldstable distribution (lenny), this problem has been fixed in
    version 1:1.1-3.1.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 1:1.6-1.1.
    
    For the testing distribution (wheezy), this problem has been fixed in
    version 1:1.8-1.2.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1:1.8-1.2.
    
    We recommend that you upgrade your radvd packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    
    