The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux-ipv6 | umip | 0.4 |
Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux-ipv6 | umip | 0.4 |