Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1257-1
Solution
Please install the updated packages.
Insight
Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3601)
Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. A local attacker could exploit this to overwrite certain files on the system, bypassing intended permissions. (CVE-2011-3602)
Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. A remote attacker could exploit this to cause the radvd daemon to crash, resulting in a denial of service. (CVE-2011-3604)
Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. (CVE-2011-3605)
Affected
radvd on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS
Severity
Classification
- CVE: CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1
- Ubuntu Update for cupsys vulnerabilities USN-656-1
- Ubuntu Update for cupsys vulnerability USN-539-1
- Ubuntu Update for devscripts USN-1366-1