Linux Kernel 3.8 ICMPv6 Packet net/ipv6/addrconf.c ipv6_create_tempaddr ICMPv6 Router Advertisement Packet denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Linux Kernel 3.8. The affected element is the function ipv6_create_tempaddr of the file net/ipv6/addrconf.c of the component ICMPv6 Packet Handler. This manipulation as part of ICMPv6 Router Advertisement Packet causes denial of service.
The identification of this vulnerability is CVE-2013-0343. There is no exploit available.
It is advisable to implement restrictive firewalling.
Details
A vulnerability classified as critical was found in Linux Kernel 3.8 (Operating System). Affected by this vulnerability is the function ipv6_create_tempaddr of the file net/ipv6/addrconf.c of the component ICMPv6 Packet Handler. The manipulation as part of a ICMPv6 Router Advertisement Packet leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:
The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.
The weakness was shared 12/05/2012 by George Kargiotakis as not defined mailinglist post (oss-sec). The advisory is shared at openwall.com. This vulnerability is known as CVE-2013-0343 since 12/06/2012. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 70574 (Oracle Linux 5 : kernel (ELSA-2013-1449-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 195927 (Ubuntu Security Notification for Linux Vulnerabilities (USN-1976-1)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org.Proper firewalling of IPv6 is able to address this issue. The problem might be mitigated by replacing the product with Apple MacOS X or Microsoft Windows as an alternative. The best possible mitigation is suggested to be applying a restrictive firewalling. A possible mitigation has been published 10 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (82534), Tenable (70574), SecurityFocus (BID 58795†), OSVDB (90811†) and Vulnerability Center (SBV-41203†). The entries VDB-10115, VDB-63768 and VDB-65147 are related to this item. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.5
VulDB Temp Score: 7.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 70574
Nessus Name: Oracle Linux 5 : kernel (ELSA-2013-1449-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 881811
OpenVAS Name: CentOS Update for kernel CESA-2013:1449 centos5
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: git.kernel.org
Firewalling: 🔍
Alternative: Apple MacOS X/Microsoft Windows
Timeline
11/14/2012 🔍11/14/2012 🔍
12/05/2012 🔍
12/06/2012 🔍
02/28/2013 🔍
03/05/2013 🔍
08/20/2013 🔍
08/26/2013 🔍
10/24/2013 🔍
05/05/2021 🔍
Sources
Vendor: kernel.orgAdvisory: openwall.com
Researcher: George Kargiotakis
Status: Not defined
Confirmation: 🔍
CVE: CVE-2013-0343 (🔍)
GCVE (CVE): GCVE-0-2013-0343
GCVE (VulDB): GCVE-100-7849
OVAL: 🔍
X-Force: 82534
SecurityFocus: 58795 - Linux Kernel CVE-2013-0343 IPv6 Temporary Addresses Remote Security Vulnerability
OSVDB: 90811
Vulnerability Center: 41203 - Linux Kernel 3 Through 3.8 Remote Denial of Service and Leakage of Sensitive Information When Generating Temporary IPv6 Addresses, Low
See also: 🔍
Entry
Created: 03/05/2013 09:06Updated: 05/05/2021 16:43
Changes: 03/05/2013 09:06 (86), 05/09/2017 10:30 (2), 05/05/2021 16:43 (3)
Complete: 🔍
Cache ID: 216:8D8:103
No comments yet. Languages: en.
Please log in to comment.