Vulnerability Details : CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
Vulnerability category: Denial of service
Products affected by CVE-2015-0272
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
- cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0272
2.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0272
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2015-0272
-
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9
NetworkManager/NetworkManager - Network connection manager and user applications (mirrored from https://gitlab.freedesktop.org/NetworkManager/NetworkManager)Issue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
[security-announce] SUSE-SU-2015:2194-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
[security-announce] SUSE-SU-2016:2074-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2792-1
USN-2792-1: Linux kernel vulnerabilities | Ubuntu security noticesMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
[security-announce] SUSE-SU-2015:2339-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
[security-announce] SUSE-SU-2015:2292-1: important: Security update forMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/76814
GNOME NetworkManager 'ipv6/addrconf.c' Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=1192132
1192132 – (CVE-2015-0272) CVE-2015-0272 NetworkManager: remote DoS using IPv6 RA with bogus MTUIssue Tracking;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
[security-announce] SUSE-SU-2016:0354-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
[security-announce] SUSE-SU-2015:2108-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
[security-announce] SUSE-SU-2015:2350-1: important: Security update forMailing List;Third Party Advisory
Jump to