Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title radvd vulnerabilities
Informations
Name USN-1257-1 First vendor Publication 2011-11-10
Vendor Ubuntu Last vendor Modification 2011-11-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS

Summary:

radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.

Software Description: - radvd: Router Advertisement Daemon

Details:

Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)

Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. A local attacker could exploit this to overwrite certain files on the system, bypassing intended permissions. (CVE-2011-3602)

Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. A remote attacker could exploit this to cause the radvd daemon to crash, resulting in a denial of service. (CVE-2011-3604)

Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
radvd 1:1.8-1ubuntu0.1

Ubuntu 11.04:
radvd 1:1.7-1ubuntu0.1

Ubuntu 10.10:
radvd 1:1.6-1ubuntu0.1

Ubuntu 10.04 LTS:
radvd 1:1.3-1.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1257-1
CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605

Package Information:
https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-1257-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14652
 
Oval ID: oval:org.mitre.oval:def:14652
Title: USN-1257-1 -- radvd vulnerabilities
Description: radvd: Router Advertisement Daemon radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1257-1
CVE-2011-3601
CVE-2011-3602
CVE-2011-3604
CVE-2011-3605
 Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
 Product(s): radvd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15181
 
Oval ID: oval:org.mitre.oval:def:15181
Title: DSA-2323-1 radvd -- several
Description: Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var function doesnt check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or specific files overwrites otherwise. CVE-2011-3604 process_ra function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs function calls mdelay unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed. An attacked could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service. Note: upstream and Debian default is to use anycast mode.
Family: unix Class: patch
Reference(s): DSA-2323-1
CVE-2011-3602
CVE-2011-3604
CVE-2011-3605
 Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): radvd
Definition Synopsis:

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for radvd FEDORA-2011-13989
File : nvt/gb_fedora_2011_13989_radvd_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201111-08 (radvd)
File : nvt/glsa_201111_08.nasl
2012-02-11 Name : Debian Security Advisory DSA 2323-1 (radvd)
File : nvt/deb_2323_1.nasl
2011-11-11 Name : Ubuntu Update for radvd USN-1257-1
File : nvt/gb_ubuntu_USN_1257_1.nasl
2011-10-31 Name : Fedora Update for radvd FEDORA-2011-14000
File : nvt/gb_fedora_2011_14000_radvd_fc14.nasl
2011-10-31 Name : Fedora Update for radvd FEDORA-2011-14022
File : nvt/gb_fedora_2011_14022_radvd_fc15.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76131 radvd process_rs() Function mdelay() Call ND_ROUTER_SOLICIT Saturation DoS
76130 radvd process.c process_ra() Function len() Check Weakness Out-of-bounds Read...
76128 radvd device-linux.c set_interface_var() Function Symlink / Traversal Local A...
76127 radvd process.c process_ra() Function ND_OPT_DNSSL_INFORMATION Option Parsing...

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_radvd-111021.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_radvd-111021.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_radvd-111109.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_radvd-7824.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-08.nasl - Type : ACT_GATHER_INFO
2011-11-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1257-1.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13989.nasl - Type : ACT_GATHER_INFO
2011-10-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2323.nasl - Type : ACT_GATHER_INFO
2011-10-27 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14000.nasl - Type : ACT_GATHER_INFO
2011-10-27 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14022.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-04-28 13:25:38
  • Multiple Updates
2014-02-18 21:25:07
  • Multiple Updates
2014-02-17 21:24:38
  • Multiple Updates
2014-02-17 11:59:13
  • Multiple Updates