CVE-2015-2924 – NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements
https://notcve.org/view.php?id=CVE-2015-2924
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.

A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158103.html
• http://openwall.com/lists/oss-security/2015/04/04/2
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/76879
• https://security.gentoo.org/glsa/201509-05
• https://access.redhat.com/security/cve/CVE-2015-2924
• https://bugzilla.redhat.com/show_bug.cgi?id=1209902

• CWE-20: Improper Input Validation
• CWE-358: Improperly Implemented Security Check for Standard
CVE-2015-0272 – NetworkManager: remote DoS using IPv6 RA with bogus MTU
https://notcve.org/view.php?id=CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack by sending a specially crafted IPv6 RA packet to disturb IPv6 communication.

• http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9
• http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
• http://lists.opensuse.org/opensuse-security

• CWE-20: Improper Input Validation
CVE-2011-3364 – NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
https://notcve.org/view.php?id=CVE-2011-3364
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

• http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
• http://www.redhat.com/support/errata/RHSA-2011-1338.html
• http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation
• https://bugzilla.redhat.com/show_bug.cgi?id=737338
• https://access.redhat.com/security/cve/CVE-2011-3364