Debian DSA-2323-1 : radvd - several vulnerabilities

high Nessus Plugin ID 56669

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon:

- CVE-2011-3602: The set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or to overwrites of specific files otherwise.

- CVE-2011-3604: The process_ra() function lacks multiple buffer length checks, which could lead to memory reads outside the stack, causing a crash of the daemon.

- CVE-2011-3605: The process_rs() function calls mdelay() (a function to wait for a defined time) unconditionally when running in unicast-only mode. As this call is in the main thread, all request processing is delayed (for up to MAX_RA_DELAY_TIME, 500 ms by default). An attacker could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service (processing would be stopped during all the mdelay() calls). Note: the upstream and Debian default is to use anycast mode.

Solution

Upgrade the radvd packages.

For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644614

https://security-tracker.debian.org/tracker/CVE-2011-3602

https://security-tracker.debian.org/tracker/CVE-2011-3604

https://security-tracker.debian.org/tracker/CVE-2011-3605

https://packages.debian.org/source/squeeze/radvd

https://www.debian.org/security/2011/dsa-2323

Plugin Details

Severity: High

ID: 56669

File Name: debian_DSA-2323.nasl

Version: 1.13

Type: local

Agent: unix

Published: 10/31/2011

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:radvd, cpe:/o:debian:debian_linux:5.0, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 10/26/2011

Reference Information

CVE: CVE-2011-3602, CVE-2011-3604, CVE-2011-3605

BID: 50395

DSA: 2323