CVE-2016-3698
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
| Software | From | Fixed in |
|---|---|---|
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_aus | 7.2 | 7.2.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_hpc_node | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 7.2 | 7.2.x |
| redhat / enterprise_linux_hpc_node_eus | 7.2 | 7.2.x |
| libndp / libndp | - | 1.5.x |
| debian / debian_linux | 8.0 | 8.0.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 15.10 | 15.10.x |
- http://www.debian.org/security/2016/dsa-3581
- http://www.openwall.com/lists/oss-security/2016/05/17/9
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.ubuntu.com/usn/USN-2980-1
- https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
- https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
- https://rhn.redhat.com/errata/RHSA-2016-1086.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime