CVE-2016-3698

HIGH

libndp <1.6 - Man-in-the-Middle/DoS

Title source: llm

Description

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3581
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/17/9
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2980-1
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2016-1086.html

Scores

CVSS v3 8.1
EPSS 0.0381
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (11)
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
libndp/libndp < 1.5
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_hpc_node 7.0
redhat/enterprise_linux_hpc_node_eus 7.2
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.2
redhat/enterprise_linux_server_eus 7.2
... and 1 more
Published Jun 13, 2016
Tracked Since Feb 18, 2026