libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
12 Feb 2023, 23:18
Type | Values Removed | Values Added |
---|---|---|
Summary | libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | |
References |
|
02 Feb 2023, 21:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. |
Information
Published : 2016-06-13 19:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-3698
Mitre link : CVE-2016-3698
CVE.ORG link : CVE-2016-3698
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_desktop
- enterprise_linux_hpc_node
- enterprise_linux_workstation
- enterprise_linux_server_eus
- enterprise_linux_hpc_node_eus
- enterprise_linux_server_aus
libndp
- libndp
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-284
Improper Access Control