From oss-sec: http://seclists.org/oss-sec/2011/q4/30

List of patches (from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644614):

CVE-2011-3601:
https://github.com/reubenhwk/radvd/commit/9dfaaaf740ce784541e76e68de4ae04dce2c0921

CVE-2011-3602:
https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc

CVE-2011-3603:
https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60
https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275
https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d
https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f

CVE-2011-3604:
https://github.com/reubenhwk/radvd/commit/7de1b9abf87b747ee2611c0d2a94dfeee79878b4

CVE-2011-3605:
https://github.com/reubenhwk/radvd/commit/2591d0189257caeaae2057dfed0a260310497a61
Assignee: bugsquad => misc
*sic* yet another round of "let's find 5 CVEs in a piece of software at a time". I will take care of this, but the patches do not all apply cleanly (and GitHub is a pain as usual).

Ok, so I fixed the bugs. Here is the advisory:

Vasiliy Kulikov discovered a number of security vulnerabilities and some other issues in radvd 1.8.1, and fixed some of them. Mageia updated radvd for those flaws, and this update includes fixes for:

- CVE-2011-3601, privilege escalation due to a buffer overflow in process_ra()
- CVE-2011-3602, arbitrary file overwrite
- CVE-2011-3603, failure to drop privileges
- CVE-2011-3604, buffer overread and crashes
- CVE-2011-3605, temporary DOS in process_rs()

See http://seclists.org/oss-sec/2011/q4/30 for details, and https://bugs.mageia.org/show_bug.cgi?id=3058 for links to the patches.

For testing, I had a complete guide, but Bugzilla decided to throw it away, so I will rather let people do their own research on the web and find one of the numerous radvd tutorials. Using rdisc6 and radvd, and 2 Linux computers should be enough (2 VMs would do the trick).
Assignee: misc => qa-bugs
x86_64

Before
------
So far..

# service radvd start
Starting IPv6 rtr adv daemon: [Oct 16 12:16:00] radvd: IPv6 forwarding seems to be disabled, exiting [FAILED]

Enabling in MCC seems to have no effect.

# cat /proc/sys/net/ipv6/conf/all/forwarding
0
# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
# cat /proc/sys/net/ipv6/conf/all/forwarding
1
# service radvd start
Starting IPv6 rtr adv daemon: [ OK ]

on another computer..

# rdisc6
-bash: rdisc6: command not found
# urpmi rdisc6
No package named rdisc6
# urpmi radvd
$MIRRORLIST: media/core/release/radvd-1.7-1.mga1.i586.rpm
installing radvd-1.7-1.mga1.i586.rpm from /var/cache/urpmi/rpms
Preparing... #############################################
1/1: radvd #############################################
# rdisc6
-bash: rdisc6: command not found
# urpmq rdisc6
No package named rdisc6

So, where do we find rdisc6??
Hi Claire, rdisc6 is in the package ndisc6. Don't ask me what the different first letters mean :)
Thanks Remmy..

# urpmi ndisc6
No package named ndisc6

Still no luck though! Sophie has never heard of it either. Is it not in Mageia 1?

Hmm, looks like you are right and it's only in Cauldron:

<remmy> :v ndisc6 -d Mageia
<Sophie> 1.0.1-1.mga2 // core-release (Mga, cauldron, i586)
<Sophie> 1.0.1-1.mga2 // core-release (Mga, cauldron, x86_64)
There's a first time for everything :D
Misc can you please let us know how to check radvd without rdisc6. Or do you wish to provide rdisc6 for mga1? Thanks.
Assignee: qa-bugs => misc
CC: (none) => qa-bugs
Testing complete on i586 for the srpm radvd-1.7-1.1.mga1.src.rpm I copied rdisc6 from a Mandriva system to a vb guest running mageia 1, with radvd running on the mageia 1 host.
CC: (none) => davidwhodgins
Well, you can also just use tcpdump, but that will just show the message (i.e., the message about "I am a router, here is the IP address"). Another solution is just to plug in a Linux computer, and see the IP address with ifconfig (it may take some time). For example:

wlan0 Link encap:Ethernet HWaddr 00:1C:B3:BE:CF:35
      inet adr:192.168.15.237 Bcast:192.168.15.255 Masque:255.255.255.0
      adr inet6: 2002:53fe:cd25:4:24c:bc3f:feeb:c35f/64 Scope:Global
      adr inet6: fe80::21c:b3ff:febe:cf35/64 Scope:Lien
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

The first line "adr inet6" is the one that will appear after radvd sends the RA (router announce). The prefix (2002:53fe:cd25:4) is the one configured in radvd.

And regarding ndisc6 and rdisc6, those are just 2 tools, the first one to discover other computers (think like arp, for ethernet/ipv4), and the second for IPv6 routers (i.e., something that runs radvd, or quagga).

CC: (none) => stormi
Assignee: misc => qa-bugs
x86_64

/etc/radvd.conf

prefix 3ffe:0302:0011:0002::0/64
{
    AdvOnLink on;
    AdvAutonomous on;
};

# ifconfig

.. shows eth0

inet6 addr: 3ffe:302:11:2:200:f0ff:fe79:2599/64 Scope:Global

so it appears to be working.

Update validated.

Advisory
--------------------
Vasiliy Kulikov discovered a number of security vulnerabilities and some other issues in radvd 1.8.1, and fixed some of them. Mageia updated radvd for those flaws, and this update includes fixes for:

- CVE-2011-3601, privilege escalation due to a buffer overflow in process_ra()
- CVE-2011-3602, arbitrary file overwrite
- CVE-2011-3603, failure to drop privileges
- CVE-2011-3604, buffer over-read and crashes
- CVE-2011-3605, temporary DOS in process_rs()

See http://seclists.org/oss-sec/2011/q4/30 for details, and https://bugs.mageia.org/show_bug.cgi?id=3058 for link to patches.
-----------------------

Source RPM: radvd-1.7-1.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
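A scripted version of the manual check used in this thread (compare the prefix in /etc/radvd.conf with the Scope:Global address reported by ifconfig), as an added example that is not part of the original bug report. The sample config and ifconfig text are constructed; the `interface eth0` wrapper, the HWaddr value and the EUI-64 comparison are assumptions added for illustration.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the thread; the interface wrapper and
# the HWaddr value are assumptions, not taken from the bug report.
RADVD_CONF = """
interface eth0 {
    AdvSendAdvert on;
    prefix 3ffe:0302:0011:0002::0/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
"""
IFCONFIG_OUT = """
eth0  Link encap:Ethernet  HWaddr 00:00:F0:79:25:99
      inet6 addr: 3ffe:302:11:2:200:f0ff:fe79:2599/64 Scope:Global
      inet6 addr: fe80::200:f0ff:fe79:2599/64 Scope:Link
"""

def advertised_prefixes(conf):
    """Return every 'prefix <addr>/<len>' in a radvd.conf as an IPv6Network."""
    found = re.findall(r"^\s*prefix\s+([0-9A-Fa-f:]+/\d+)", conf, re.M)
    return [ipaddress.IPv6Network(p) for p in found]

def global_addresses(ifconfig_text):
    """Return Scope:Global inet6 addresses (English or French net-tools output)."""
    pat = r"(?:inet6 addr|adr inet6):\s*([0-9A-Fa-f:]+)/\d+\s+Scope:Global"
    return [ipaddress.IPv6Address(a) for a in re.findall(pat, ifconfig_text)]

def eui64_interface_id(mac):
    """Modified EUI-64 identifier: flip the U/L bit and insert ff:fe mid-MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def check_autoconf(conf, ifconfig_text):
    """Map each global address to (advertised prefix or None, EUI-64 derived?)."""
    m = re.search(r"HWaddr\s+([0-9A-Fa-f:]{17})", ifconfig_text)
    iid = eui64_interface_id(m.group(1)) if m else None  # no MAC: cannot compare
    result = {}
    for addr in global_addresses(ifconfig_text):
        prefix = next((p for p in advertised_prefixes(conf) if addr in p), None)
        is_eui64 = (int(addr) & (2**64 - 1)) == iid
        result[str(addr)] = (str(prefix) if prefix else None, is_eui64)
    return result

if __name__ == "__main__":
    print(check_autoconf(RADVD_CONF, IFCONFIG_OUT))
```

A global address that maps to `None` was not formed from any prefix in the supplied radvd.conf, so it does not confirm that this daemon's router advertisements are reaching the client.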
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED