PT-2013-1021 · Linux+4 · Linux Kernel+4

Prasad Pandit

Published

2013-02-28

Updated

2014-06-23

CVE-2013-0343

CVSS v2.0

3.2

Low

Vector

AV:A/AC:H/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.8

Description The issue arises from the improper handling of IPv6 temporary address generation, allowing remote attackers to cause a denial of service and potentially obtain sensitive information. This can be achieved by sending specific ICMPv6 Router Advertisement messages to the router, which can disable the creation of temporary addresses.

Recommendations For Linux kernel versions prior to 3.8, consider disabling the ipv6 create tempaddr function as a temporary workaround until a patch is available. Restrict access to ICMPv6 Router Advertisement messages to minimize the risk of exploitation. Update to a version 3.8 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2013-1178

BDU:2014-00085

CESA-2013_1645

CVE-2013-0343

DSA-2906-1

MGASA-2013-0371

MGASA-2013-0372

MGASA-2013-0373

MGASA-2013-0374

MGASA-2013-0375

OPENSUSE-SU-2014_0204-1

RHSA-2013:1449

RHSA-2013:1490

RHSA-2013:1645

RHSA-2013_1449

RHSA-2013_1645

SUSE-SU-2014_0832-1

SUSE-SU-2015:0652-1

USN-1976-1

USN-1977-1

USN-2019-1

USN-2020-1

USN-2021-1

USN-2022-1

USN-2023-1

USN-2024-1

USN-2038-1

USN-2039-1

USN-2050-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2013-1021 · Linux+4 · Linux Kernel+4

CVE-2013-0343

Weakness Enumeration

Related Identifiers

Affected Products

References · 335