MNBSD-2020-13: rtsold RDNSS/DNSSL option handling buffer overflow

Severity: Unknown

Affected Package: rtsold

Summary: rtsold RDNSS/DNSSL option handling buffer overflow

Description

Two bugs existed in rtsold(8)'s handling of RDNSS and DNSSL router advertisement options. rtsold(8) failed to perform sufficient bounds checking, not verifying that an option did not extend past the end of the received packet (CVE-2020-25577). In addition, when decoding DNSSL domain name labels, rtsold(8) did not validate label lengths correctly and could overflow the destination buffer (CVE-2020-25583). Because rtsold(8) runs as root, an attacker on the same physical link could potentially achieve remote code execution.

Affected Versions

rtsold

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2020-25577, CVE-2020-25583

Published: December 01, 2020
Last Modified: December 01, 2020