Oracle Linux: CVE-2018-15688: ELSA-2018-3665: NetworkManager security update (IMPORTANT) (Multiple Advisories)

Severity: 8
CVSS: (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/26/2018
Added: 07/21/2020
Modified: 12/06/2024

Description

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious DHCPv6 server to overwrite heap memory in systemd-networkd. Affected releases: systemd versions up to and including 239.
It was discovered that systemd-networkd does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim may advertise itself as a DHCPv6 server and exploit this flaw to cause a denial of service or potentially gain code execution on the victim's machine.

Solution(s)

oracle-linux-upgrade-libgudev1
oracle-linux-upgrade-libgudev1-devel
oracle-linux-upgrade-networkmanager
oracle-linux-upgrade-networkmanager-adsl
oracle-linux-upgrade-networkmanager-bluetooth
oracle-linux-upgrade-networkmanager-config-server
oracle-linux-upgrade-networkmanager-dispatcher-routing-rules
oracle-linux-upgrade-networkmanager-glib
oracle-linux-upgrade-networkmanager-glib-devel
oracle-linux-upgrade-networkmanager-libnm
oracle-linux-upgrade-networkmanager-libnm-devel
oracle-linux-upgrade-networkmanager-ovs
oracle-linux-upgrade-networkmanager-ppp
oracle-linux-upgrade-networkmanager-team
oracle-linux-upgrade-networkmanager-tui
oracle-linux-upgrade-networkmanager-wifi
oracle-linux-upgrade-networkmanager-wwan
oracle-linux-upgrade-systemd
oracle-linux-upgrade-systemd-devel
oracle-linux-upgrade-systemd-journal-gateway
oracle-linux-upgrade-systemd-libs
oracle-linux-upgrade-systemd-networkd
oracle-linux-upgrade-systemd-python
oracle-linux-upgrade-systemd-resolved
oracle-linux-upgrade-systemd-sysv