Your submission was sent successfully! Close

CVE-2011-2393

Published: 2 February 2012

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(2.6.31-14.48)
maverick Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Not vulnerable
(3.1.0-1.1)
quantal Ignored
(was needs-triage now end-of-life)
raring Ignored
(was needs-triage now end-of-life)
saucy Ignored
(was needs-triage now end-of-life)
trusty Not vulnerable
(3.11.0-12.19)
upstream
Released (2.6.12~rc2)
utopic Not vulnerable
(3.13.0-24.46)
linux-armadaxp
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Not vulnerable
(3.2.0-1600.1)
quantal Not vulnerable

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-ec2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(2.6.31-302.7)
maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-flo
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Does not exist

trusty Does not exist
(trusty was ignored [was needs-triage now end-of-life])
upstream
Released (2.6.12~rc2)
utopic Not vulnerable
(3.4.0-3.10)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was ignored [was needs-triage now end-of-life])
upstream
Released (2.6.12~rc2)
utopic Not vulnerable
(3.4.0-3.14)
linux-grouper
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was not-affected)
upstream
Released (2.6.12~rc2)
utopic Not vulnerable

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise Not vulnerable
(3.5.0-18.29~precise1)
quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise Ignored
(was needs-triage now end-of-life)
quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(3.11.0-13.20~precise2)
quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(3.13.0-24.46~precise1)
saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was not-affected)
upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-mako
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was ignored [was needs-triage now end-of-life])
upstream
Released (2.6.12~rc2)
utopic Not vulnerable
(3.4.0-5.28)
linux-manta
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

saucy Ignored

trusty Does not exist
(trusty was ignored [was needs-triage now end-of-life])
upstream
Released (2.6.12~rc2)
utopic Not vulnerable
(3.4.0-6.25)
linux-mvl-dove
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Ignored
(reached end-of-life)
natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Not vulnerable
(3.0.0-1401.2)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist

upstream
Released (2.6.12~rc2)
utopic Does not exist

Notes

AuthorNote
tyhicks
"Old Linux kernels are also affected, detailed version
information unknown."
apw
"Linux: fixed prior 2010"
algorithm appears unchanged all the way back to hardy, with the
holding of a single address from RA at any one time, very likely we
are unaffected but this needs testing
jdstrand
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support
apw
we have always had an upper limit of addresses for each interface via RA
so we cannot crash at least, we only accept these from link-local so we
can only be DOSd by someone on the local link, who can kill us by killing
the same link.  For this CVE we seemed to be fixed by the first git commit
so use that as 'fix'.

References

Bugs