EulerOS 2.0 SP1 : libndp (EulerOS-SA-2016-1022)
Medium Nessus Plugin ID 99785
SynopsisThe remote EulerOS host is missing a security update.
DescriptionAccording to the version of the libndp package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client.(CVE-2016-3698)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libndp package.