CVE-2015-2922

Severity

32%

Complexity

65%

Confidentiality

48%

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: low. CVSS Vector: (AV:A/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 9 years ago

2015-05-27 10:59:00

Last updated 7 years ago

2018-01-05 02:30:00

Affected Software

Linux Kernel

Fedora 20

20

Fedora 21

21

Fedora 22

22

Oracle Solaris 11.3

11.3

RedHat Enterprise MRG 2.5

2.5

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fd99094de2b83d1d4c8457f2c83483b2828e75a

Patch

FEDORA-2015-6294

Third Party Advisory

FEDORA-2015-6320

Third Party Advisory

FEDORA-2015-6100

Third Party Advisory

SUSE-SU-2015:1224

openSUSE-SU-2015:1382

SUSE-SU-2015:1478

RHSA-2015:1221

RHSA-2015:1534

RHSA-2015:1564

Third Party Advisory

DSA-3237

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6

Exploit, Vendor Advisory

[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages

Exploit

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Third Party Advisory

74315

1032417

https://bugzilla.redhat.com/show_bug.cgi?id=1203712

Issue Tracking

https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.