~ubuntu-security/ubuntu-cve-tracker/master : contents of retired/CVE-2011-2393 at revision 13266

~ubuntu-security/ubuntu-cve-tracker/master : (revision 13266)
Candidate: CVE-2011-2393
PublicDate: 2012-02-02
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2393
 http://seclists.org/fulldisclosure/2011/Apr/86
 http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
Description:
 The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in
 FreeBSD, NetBSD, and possibly other BSD-based operating systems allows
 remote attackers to cause a denial of service (CPU consumption and device
 hang) by sending many Router Advertisement (RA) messages with different
 source addresses, a similar vulnerability to CVE-2010-4670.
Ubuntu-Description:
Notes:
 tyhicks> "Old Linux kernels are also affected, detailed version
  information unknown."
 apw> "Linux: fixed prior 2010"
 apw> algorithm appears unchanged all the way back to hardy, with the
 apw> holding of a single address from RA at any one time, very likely we
 apw> are unaffected but this needs testing
 jdstrand> linux-lts-saucy no longer receives official support
 jdstrand> linux-lts-quantal no longer receives official support
 apw> we have always had an upper limit of addresses for each interface via RA
 apw> so we cannot crash at least, we only accept these from link-local so we
 apw> can only be DOSd by someone on the local link, who can kill us by killing
 apw> the same link.  For this CVE we seemed to be fixed by the first git commit
 apw> so use that as 'fix'.
Bugs:
 https://launchpad.net/bugs/927885
Priority: low
Discovered-by: Marc Heuse
Assigned-to:

Patches_linux:
 break-fix: - 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
upstream_linux: released (2.6.12~rc2)
hardy_linux: ignored (reached end-of-life)
lucid_linux: not-affected (2.6.31-14.48)
maverick_linux: ignored (reached end-of-life)
natty_linux: ignored (reached end-of-life)
oneiric_linux: ignored (reached end-of-life)
precise_linux: not-affected (3.1.0-1.1)
quantal_linux: ignored (was needs-triage now end-of-life)
raring_linux: ignored (was needs-triage now end-of-life)
saucy_linux: ignored (was needs-triage now end-of-life)
trusty_linux: not-affected (3.11.0-12.19)
devel_linux: not-affected (3.13.0-24.46)

Patches_linux-ec2:
upstream_linux-ec2: released (2.6.12~rc2)
hardy_linux-ec2: DNE
lucid_linux-ec2: not-affected (2.6.31-302.7)
maverick_linux-ec2: ignored (binary supplied by "linux" now)
natty_linux-ec2: DNE
oneiric_linux-ec2: DNE
precise_linux-ec2: DNE
quantal_linux-ec2: DNE
raring_linux-ec2: DNE
saucy_linux-ec2: DNE
trusty_linux-ec2: DNE
devel_linux-ec2: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.12~rc2)
hardy_linux-mvl-dove: DNE
lucid_linux-mvl-dove: ignored (reached end-of-life)
maverick_linux-mvl-dove: ignored (reached end-of-life)
natty_linux-mvl-dove: DNE
oneiric_linux-mvl-dove: DNE
precise_linux-mvl-dove: DNE
quantal_linux-mvl-dove: DNE
raring_linux-mvl-dove: DNE
saucy_linux-mvl-dove: DNE
trusty_linux-mvl-dove: DNE
devel_linux-mvl-dove: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.12~rc2)
hardy_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: ignored (reached end-of-life)
natty_linux-ti-omap4: ignored (reached end-of-life)
oneiric_linux-ti-omap4: ignored (reached end-of-life)
precise_linux-ti-omap4: not-affected (3.0.0-1401.2)
quantal_linux-ti-omap4: ignored (reached end-of-life)
raring_linux-ti-omap4: ignored (reached end-of-life)
saucy_linux-ti-omap4: ignored (reached end-of-life)
trusty_linux-ti-omap4: DNE
devel_linux-ti-omap4: DNE

Patches_linux-lts-backport-maverick:
upstream_linux-lts-backport-maverick: released (2.6.12~rc2)
hardy_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: ignored (reached end-of-life)
maverick_linux-lts-backport-maverick: DNE
natty_linux-lts-backport-maverick: DNE
oneiric_linux-lts-backport-maverick: DNE
precise_linux-lts-backport-maverick: DNE
quantal_linux-lts-backport-maverick: DNE
raring_linux-lts-backport-maverick: DNE
saucy_linux-lts-backport-maverick: DNE
trusty_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.12~rc2)
hardy_linux-fsl-imx51: DNE
lucid_linux-fsl-imx51: ignored (reached end-of-life)
maverick_linux-fsl-imx51: DNE
natty_linux-fsl-imx51: DNE
oneiric_linux-fsl-imx51: DNE
precise_linux-fsl-imx51: DNE
quantal_linux-fsl-imx51: DNE
raring_linux-fsl-imx51: DNE
saucy_linux-fsl-imx51: DNE
trusty_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE

Patches_linux-lts-backport-natty:
upstream_linux-lts-backport-natty: released (2.6.12~rc2)
hardy_linux-lts-backport-natty: DNE
lucid_linux-lts-backport-natty: ignored (reached end-of-life)
maverick_linux-lts-backport-natty: DNE
natty_linux-lts-backport-natty: DNE
oneiric_linux-lts-backport-natty: DNE
precise_linux-lts-backport-natty: DNE
quantal_linux-lts-backport-natty: DNE
raring_linux-lts-backport-natty: DNE
saucy_linux-lts-backport-natty: DNE
trusty_linux-lts-backport-natty: DNE
devel_linux-lts-backport-natty: DNE

Patches_linux-lts-backport-oneiric:
upstream_linux-lts-backport-oneiric: released (2.6.12~rc2)
hardy_linux-lts-backport-oneiric: DNE
lucid_linux-lts-backport-oneiric: ignored (reached end-of-life)
maverick_linux-lts-backport-oneiric: DNE
natty_linux-lts-backport-oneiric: DNE
oneiric_linux-lts-backport-oneiric: DNE
precise_linux-lts-backport-oneiric: DNE
quantal_linux-lts-backport-oneiric: DNE
raring_linux-lts-backport-oneiric: DNE
saucy_linux-lts-backport-oneiric: DNE
trusty_linux-lts-backport-oneiric: DNE
devel_linux-lts-backport-oneiric: DNE

Tags_linux-armadaxp: not-ue
Patches_linux-armadaxp:
upstream_linux-armadaxp: released (2.6.12~rc2)
hardy_linux-armadaxp: DNE
lucid_linux-armadaxp: DNE
natty_linux-armadaxp: DNE
oneiric_linux-armadaxp: DNE
precise_linux-armadaxp: not-affected (3.2.0-1600.1)
quantal_linux-armadaxp: not-affected
raring_linux-armadaxp: DNE
saucy_linux-armadaxp: DNE
trusty_linux-armadaxp: DNE
devel_linux-armadaxp: DNE

Tags_linux-lts-quantal: not-ue
Patches_linux-lts-quantal: DNE
upstream_linux-lts-quantal: DNE
hardy_linux-lts-quantal: DNE
lucid_linux-lts-quantal: DNE
oneiric_linux-lts-quantal: DNE
precise_linux-lts-quantal: not-affected (3.5.0-18.29~precise1)
quantal_linux-lts-quantal: DNE
raring_linux-lts-quantal: DNE
saucy_linux-lts-quantal: DNE
trusty_linux-lts-quantal: DNE
devel_linux-lts-quantal: DNE

Patches_linux-lts-raring:
upstream_linux-lts-raring: released (2.6.12~rc2)
hardy_linux-lts-raring: DNE
lucid_linux-lts-raring: DNE
oneiric_linux-lts-raring: DNE
precise_linux-lts-raring: ignored (was needs-triage now end-of-life)
quantal_linux-lts-raring: DNE
raring_linux-lts-raring: DNE
saucy_linux-lts-raring: DNE
trusty_linux-lts-raring: DNE
devel_linux-lts-raring: DNE

Tags_linux-lts-saucy: not-ue
Patches_linux-lts-saucy:
upstream_linux-lts-saucy: released (2.6.12~rc2)
lucid_linux-lts-saucy: DNE
precise_linux-lts-saucy: not-affected (3.11.0-13.20~precise2)
quantal_linux-lts-saucy: DNE
raring_linux-lts-saucy: DNE
saucy_linux-lts-saucy: DNE
trusty_linux-lts-saucy: DNE
devel_linux-lts-saucy: DNE

Patches_linux-goldfish:
upstream_linux-goldfish: released (2.6.12~rc2)
lucid_linux-goldfish: DNE
precise_linux-goldfish: DNE
quantal_linux-goldfish: DNE
saucy_linux-goldfish: ignored
trusty_linux-goldfish: ignored (was needs-triage now end-of-life)
devel_linux-goldfish: not-affected (3.4.0-3.14)

Patches_linux-grouper:
upstream_linux-grouper: released (2.6.12~rc2)
lucid_linux-grouper: DNE
precise_linux-grouper: DNE
quantal_linux-grouper: DNE
saucy_linux-grouper: ignored
trusty_linux-grouper: not-affected
devel_linux-grouper: not-affected

Patches_linux-maguro:
upstream_linux-maguro: released (2.6.12~rc2)
lucid_linux-maguro: DNE
precise_linux-maguro: DNE
quantal_linux-maguro: DNE
saucy_linux-maguro: ignored
trusty_linux-maguro: not-affected
devel_linux-maguro: DNE

Patches_linux-mako:
upstream_linux-mako: released (2.6.12~rc2)
lucid_linux-mako: DNE
precise_linux-mako: DNE
quantal_linux-mako: DNE
saucy_linux-mako: ignored
trusty_linux-mako: ignored (was needs-triage now end-of-life)
devel_linux-mako: not-affected (3.4.0-5.28)

Patches_linux-manta:
upstream_linux-manta: released (2.6.12~rc2)
lucid_linux-manta: DNE
precise_linux-manta: DNE
quantal_linux-manta: DNE
saucy_linux-manta: ignored
trusty_linux-manta: ignored (was needs-triage now end-of-life)
devel_linux-manta: not-affected (3.4.0-6.25)

Patches_linux-flo:
upstream_linux-flo: released (2.6.12~rc2)
lucid_linux-flo: DNE
precise_linux-flo: DNE
quantal_linux-flo: DNE
saucy_linux-flo: DNE
trusty_linux-flo: ignored (was needs-triage now end-of-life)
devel_linux-flo: not-affected (3.4.0-3.10)

Patches_linux-lts-trusty:
upstream_linux-lts-trusty: released (2.6.12~rc2)
lucid_linux-lts-trusty: DNE
precise_linux-lts-trusty: not-affected (3.13.0-24.46~precise1)
saucy_linux-lts-trusty: DNE
trusty_linux-lts-trusty: DNE
devel_linux-lts-trusty: DNE