CVE-2015-0272

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 Issue Tracking Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.securityfocus.com/bid/76814 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2792-1 Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1192132 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Configuration 4 (hide)

cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
History

13 Feb 2023, 00:46

Type Values Removed Values Added
Summary It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-0272', 'name': 'https://access.redhat.com/security/cve/CVE-2015-0272', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:2315', 'name': 'https://access.redhat.com/errata/RHSA-2015:2315', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 20:20

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-0272 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2315 -
Summary GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication.

02 Nov 2021, 17:15

Type Values Removed Values Added
CWE CWE-20 NVD-CWE-noinfo
CPE cpe:2.3:a:gnome:networkmanager:-:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html - Mailing List, Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1192132 - Issue Tracking (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1192132 - Issue Tracking, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html - Mailing List, Third Party Advisory
References (UBUNTU) http://www.ubuntu.com/usn/USN-2792-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-2792-1 - Mailing List, Third Party Advisory
References (CONFIRM) http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 - Issue Tracking, Patch (CONFIRM) http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 - Issue Tracking, Patch, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html - Mailing List, Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html - Mailing List, Third Party Advisory
Information

Published : 2015-11-17 15:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-0272

Mitre link : CVE-2015-0272

CVE.ORG link : CVE-2015-0272

JSON object : View

Products Affected

suse

  • linux_enterprise_desktop
  • linux_enterprise_real_time_extension
  • linux_enterprise_software_development_kit
  • linux_enterprise_server
  • linux_enterprise_debuginfo
  • linux_enterprise_workstation_extension

gnome

  • networkmanager

oracle

  • linux

canonical

  • ubuntu_linux
CWE
NVD-CWE-noinfo