libndp 'ndp_msg_opt_dnssl_domain()' Function Buffer Overflow Vulnerability
BID:68945
Info
libndp 'ndp_msg_opt_dnssl_domain()' Function Buffer Overflow Vulnerability
| Bugtraq ID: | 68945 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2014-3554 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 09 2014 12:00AM |
| Updated: | Apr 13 2015 09:17PM |
| Credit: | Andrew Ayer |
| Vulnerable: |
Jiri Pirko libndp 0 |
| Not Vulnerable: | |
Discussion
libndp 'ndp_msg_opt_dnssl_domain()' Function Buffer Overflow Vulnerability
libndp is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
libndp is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Exploit / POC
libndp 'ndp_msg_opt_dnssl_domain()' Function Buffer Overflow Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
libndp 'ndp_msg_opt_dnssl_domain()' Function Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
libndp 'ndp_msg_opt_dnssl_domain()' Function Buffer Overflow Vulnerability
References:
References:
- [PATCH] libndp: fix buffer overflow in ndp_msg_opt_dnssl_domain() (Red Hat Bugzilla)
- Bug 1118583 - (CVE-2014-3554) CVE-2014-3554 libndp: buffer overflow flaw in DNS (Red Hat Bugzilla)
- libndp Homepage (Jiri Pirko)