
CVE-2016-3698

Published: 13/06/2016 Updated: 12/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

libndp prior to 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote malicious users to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
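The origin checks that RFC 4861 requires of an NDP receiver, as an added C example (not libndp's code or its patch). The function names, the verdict enum and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; checks follow RFC 4861 sections 6.1, 7.1 and 8.1. */
enum ndp_verdict { NDP_ACCEPT, NDP_BAD_HOPLIMIT, NDP_BAD_SOURCE, NDP_NOT_NDP };

/* hop_limit is the value the packet arrived with (on Linux it can be read
 * from IPV6_HOPLIMIT ancillary data after enabling IPV6_RECVHOPLIMIT). */
enum ndp_verdict ndp_check_origin(uint8_t type, int hop_limit,
                                  const struct in6_addr *src)
{
    if (type < ND_ROUTER_SOLICIT || type > ND_REDIRECT)
        return NDP_NOT_NDP;
    /* Every router decrements the hop limit, so only an on-link sender
     * can deliver 255. A spoofed fe80:: source cannot fake this. */
    if (hop_limit != 255)
        return NDP_BAD_HOPLIMIT;
    /* Router Advertisements and Redirects must use a link-local source. */
    if ((type == ND_ROUTER_ADVERT || type == ND_REDIRECT) &&
        !IN6_IS_ADDR_LINKLOCAL(src))
        return NDP_BAD_SOURCE;
    return NDP_ACCEPT;
}

/* Convenience wrapper taking a textual source address. */
enum ndp_verdict ndp_check_origin_str(uint8_t type, int hop_limit,
                                      const char *src_text)
{
    struct in6_addr src;
    if (inet_pton(AF_INET6, src_text, &src) != 1)
        return NDP_BAD_SOURCE;
    return ndp_check_origin(type, hop_limit, &src);
}

int main(void)
{
    /* Constructed samples: {ICMPv6 type, received hop limit, source}. */
    struct { uint8_t type; int hl; const char *src; } s[] = {
        { ND_ROUTER_ADVERT, 255, "fe80::1" },      /* on-link router */
        { ND_ROUTER_ADVERT, 64, "fe80::1" },       /* was forwarded */
        { ND_ROUTER_ADVERT, 255, "2001:db8::1" },  /* global source */
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("type=%u hl=%d src=%s verdict=%d\n", (unsigned)s[i].type, s[i].hl,
               s[i].src, ndp_check_origin_str(s[i].type, s[i].hl, s[i].src));
    return 0;
}
```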

Vulnerable Product

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux server eus 7.2

redhat enterprise linux hpc node eus 7.2

libndp libndp

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 15.10

Vendor Advisories

Debian Bug report logs - #824545 libndp: CVE-2016-3698: denial of service due to insufficient validation of source of NDP messages. Package: src:libndp; Maintainer for src:libndp is Andrew Ayer <agwa@andrewayer.name>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 17 May 2016 11:09:01 UTC; Severity: i ...
libndp could be tricked into accepting an NDP message from outside the local network ...
Julien Bernard discovered that libndp, a library for the IPv6 Neighbor Discovery Protocol, does not properly perform input and origin checks during the reception of a NDP message. An attacker in a non-local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man-in-the-middle. For the stabl ...