OVAL Reference oval:com.ubuntu.precise:def:20152922000

Oval Definition:

oval:com.ubuntu.precise:def:20152922000

Revision Date:	2015-05-27	Version:	1
Title:	CVE-2015-2922 on Ubuntu 12.04 LTS (precise) - medium.
Description:	The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2015-2922
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-82.119'). OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1649.69'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.5.0-61.90] OEM release'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needs-triage now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.11.0-34.55~precise1] OEM release'). OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-51.84~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1463.83').

BACK