CVE-2013-4125
Published: 15 July 2013
The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.
From the Ubuntu security team
Hannes Frederic Sowa discovered that the Linux kernel's IPv6 stack does not correctly handle Router Advertisement (RA) message in some cases. A remote attacker could exploit this flaw to cause a denial of service (system crash).
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-2.6 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-manta Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(3.11~rc1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4125
- https://github.com/torvalds/linux/commit/307f2fb95e9b96b3577916e73d92e104f8f26494
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=307f2fb95e9b96b3577916e73d92e104f8f26494
- https://bugzilla.redhat.com/show_bug.cgi?id=984664
- http://www.openwall.com/lists/oss-security/2013/07/15/4
- https://ubuntu.com/security/notices/USN-1935-1
- https://ubuntu.com/security/notices/USN-1936-1
- NVD
- Launchpad
- Debian