Date: Fri, 3 Apr 2015 11:54:01 +0200
From: "D.S. Ljungmark" <ljungmark@...io.se>
To: Jim Thompson <jim@...gate.com>
Cc: Eitan Adler <lists@...anadler.com>, FreeBSD Security Team <secteam@...ebsd.org>, "freebsd-net@...ebsd.org" <net@...ebsd.org>, oss-security@...ts.openwall.com
Subject: Re: CVE Request : IPv6 Hop limit lowering via RA messages

On Fri, Apr 3, 2015 at 6:06 AM, Jim Thompson <jim@...gate.com> wrote:
> have you considered that there might not be a relevant patch because FreeBSD’s implementation isn’t affected?

sys/netinet6/nd6_rtr.c

    if (nd_ra->nd_ra_curhoplimit)
            ndi->chlim = nd_ra->nd_ra_curhoplimit;

The only "OUT" in that function I see are tests for:
  Not accepting RA
  hoplimit on current packet != 255
  not link-local
  No extended ipv6 header

Based on previous testing (early March 2015), and reading of the source, I say that FreeBSD is vulnerable.

Regards,
 D.S. Ljungmark

>
> Jim
>
>> On Apr 2, 2015, at 9:15 PM, Eitan Adler <lists@...anadler.com> wrote:
>>
>> + FreeBSD lists since I haven't seen any relevant patches (although I
>> might have missed them).
>>
>> ---------- Forwarded message ----------
>> From: D.S. Ljungmark <ljungmark@...io.se>
>> Date: 2 April 2015 at 10:19
>> Subject: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages
>> To: oss-security@...ts.openwall.com
>>
>>
>> An unprivileged user on a local network can use IPv6 Neighbour
>> Discovery ICMP to broadcast a non-route with a low hop limit, this
>> causing machines to lower the hop limit on existing IPv6 routes.
>>
>> Linux Patch: http://www.spinics.net/lists/netdev/msg322361.html
>> Redhat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1203712
>>
>> Projects impacted: Linux kernel, NetworkManager, FreeBSD Kernel
>>
>>
>> Regards,
>> D.S. Ljungmark
>>
>>
>> --
>> Eitan Adler
>> _______________________________________________
>> freebsd-net@...ebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@...ebsd.org"
>
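The update logic discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD's or Linux's code: it models the two quoted lines next to a variant that ignores advertised values below a floor. The struct, the function names and the MIN_HOPLIMIT value are assumptions made for this example, and the floor is one possible mitigation, not the content of the linked patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the fields of a received RA; not a kernel struct. */
struct ra_view {
    uint8_t pkt_hlim;      /* hop limit of the IPv6 packet carrying the RA */
    bool    src_linklocal; /* source address is link-local */
    uint8_t cur_hoplimit;  /* Cur Hop Limit field of the RA, 0 = unspecified */
};

#define MIN_HOPLIMIT 32    /* hypothetical floor chosen for this example */

/* Three of the tests listed in the mail; the extension-header test is omitted. */
static bool ra_acceptable(const struct ra_view *ra, bool accept_rtadv)
{
    return accept_rtadv && ra->pkt_hlim == 255 && ra->src_linklocal;
}

/* Behaviour of the quoted lines: any non-zero advertised value replaces chlim. */
uint8_t chlim_quoted(uint8_t chlim, const struct ra_view *ra, bool accept_rtadv)
{
    if (!ra_acceptable(ra, accept_rtadv))
        return chlim;
    if (ra->cur_hoplimit)
        chlim = ra->cur_hoplimit;
    return chlim;
}

/* Assumed mitigation: keep the current value when the RA advertises less
 * than the floor (this also covers 0, which means "unspecified"). */
uint8_t chlim_floored(uint8_t chlim, const struct ra_view *ra, bool accept_rtadv)
{
    if (!ra_acceptable(ra, accept_rtadv))
        return chlim;
    if (ra->cur_hoplimit >= MIN_HOPLIMIT)
        chlim = ra->cur_hoplimit;
    return chlim;
}

int main(void)
{
    /* Constructed sample: an RA that passes every listed test and advertises 1. */
    struct ra_view low = { .pkt_hlim = 255, .src_linklocal = true, .cur_hoplimit = 1 };
    printf("quoted logic:  64 -> %u\n", (unsigned)chlim_quoted(64, &low, true));
    printf("floored logic: 64 -> %u\n", (unsigned)chlim_floored(64, &low, true));
    return 0;
}
```

The sample RA passes all of the listed tests because they check where the packet came from (on-link, link-local), not whether the advertised value is reasonable.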