| Description: | Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var function doesnt check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local access, or specific files overwrites otherwise. CVE-2011-3604 process_ra function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs function calls mdelay unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed. An attacked could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service. Note: upstream and Debian default is to use anycast mode. |