18477 – libndp new security issue CVE-2016-3698

Bug 18477 - libndp new security issue CVE-2016-3698

Summary: libndp new security issue CVE-2016-3698

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/687711/
Whiteboard:	MGA5-32-OK advisory
Keywords:	validated_update

Depends on:
Blocks:	18125
	Show dependency tree / graph

Reported:	2016-05-17 21:34 CEST by David Walser
Modified:	2016-05-18 22:15 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	libndp-1.4-3.mga5.src.rpm
CVE:
Status comment:

Attachments
strace for libndp (2.89 KB, text/plain) 2016-05-18 14:51 CEST, Herman Viaene	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-05-17 21:34:46 CEST

RedHat has issued an advisory today (May 17):
https://rhn.redhat.com/errata/RHSA-2016-1086.html

See also:
http://openwall.com/lists/oss-security/2016/05/17/9

David Walser 2016-05-17 21:35:00 CEST

Blocks: (none) => 18125
Whiteboard: (none) => MGA5TOO

Comment 1 Philippe Makowski 2016-05-17 21:43:07 CEST

Cauldron updated to 1.6

Packages in 5/core/updates_testing:
========================
lib64ndp0-1.4-3.1.mga5.x86_64
libndp-devel-1.4-3.1.mga5.i586
libndp0-1.4-3.1.mga5.i586
lib64ndp-devel-1.4-3.1.mga5.x86_64


From libndp-1.4-3.1.mga5.src

Advisory:
========================

Updated libndp package fixes security vulnerability:

Libndp is a library (used by NetworkManager) that provides a wrapper for the
IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for
sending and receiving NDP messages.

Security Fix(es):

* It was found that libndp did not properly validate and check the origin of
Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network
could use this flaw to advertise a node as a router, allowing them to perform
man-in-the-middle attacks on a connecting client, or disrupt the network
connectivity of that client. (CVE-2016-3698)

References:
- https://rhn.redhat.com/errata/RHSA-2016-1086.html
- http://openwall.com/lists/oss-security/2016/05/17/9
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698
- https://bugs.mageia.org/show_bug.cgi?id=18477

CC: (none) => makowski.mageia

Philippe Makowski 2016-05-17 21:44:59 CEST

Assignee: bugsquad => qa-bugs

David Walser 2016-05-18 03:30:15 CEST

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 2 Herman Viaene 2016-05-18 14:50:51 CEST

MGA5-32 on Acer D620 Xfce
No installation issues.
Not sure what is exactly meant by NetworkManager, anyway the network tools in MCC did not show any access to libndp.
Tried at CLI:
strace -o libndp.txt ndptool -i wlp5s0 monitor
this gave no feedback on the CLI, but the trace shows usage of libndp (attached)

CC: (none) => herman.viaene

Comment 3 Herman Viaene 2016-05-18 14:51:34 CEST

Created attachment 7803 [details]
strace for libndp

Herman Viaene 2016-05-18 14:51:52 CEST

Whiteboard: (none) => MGA5-32-OK

Comment 4 claire robinson 2016-05-18 18:14:57 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

claire robinson 2016-05-18 18:35:26 CEST

Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Comment 5 Mageia Robot 2016-05-18 22:15:34 CEST

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0185.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.