CVE-2016-3698
Publication date 17 May 2016
Last updated 25 August 2025
Ubuntu priority
Description
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libndp | ||
| 16.04 LTS xenial |
Fixed 1.4-2ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.1 · High
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2980-1
- libndp vulnerability
- 17 May 2016