|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: NetBSD Security-Officer (security-officer
netbsd.org)
Date: Thu Sep 13 2007 - 16:56:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NetBSD Security Advisory 2007-005
=================================
Topic: IPv6 Type 0 Routing Header
Version: NetBSD-current: source prior to April 22, 2007
NetBSD 4.0_BETA2 affected
NetBSD 3.1: affected
NetBSD 3.0.*: affected
NetBSD 3.0: affected
NetBSD 2.1: affected
NetBSD 2.0.*: affected
NetBSD 2.0: affected
Severity: Remote Denial of Service
Fixed: NetBSD-current: April 22, 2007
NetBSD-4 branch: April 28, 2007
(4.0 will include the fix)
NetBSD-3-1 branch April 26, 2007
(3.1.1 will include the fix)
NetBSD-3-0 branch: April 26, 2007
(3.0.3 will include the fix)
NetBSD-3 branch: April 26, 2007
NetBSD-2-1 branch: June 04, 2007
NetBSD-2-0 branch: June 04, 2007
NetBSD-2 branch: June 04, 2007
Abstract
========
A crafted IPv6 Type 0 Routing Header packet(s) can be used to launch a
denial of service attack on an IPv6 host.
This vulnerability has been assigned CVE reference CVE-2007-2242.
Technical Details
=================
A remote attacker can transmit crafted IPv6 packets using a Type 0 Routing
Header. The result is a type of denial of service attack known as a
traffic amplification attack where the bandwidth between the sending
and receiving hosts increases during the attack.
Solutions and Workarounds
=========================
To rectify these problems a kernel built from sources containing the
fixes must be installed and the system rebooted. The fixes introduce a
new sysctl(8) that can be used to control the processing of IPv6 type 0
packets. The new sysctl is named net.inet6.ip6.rht0 and has three possible
values:
-1 Processing is disabled (default).
0 Processing is enabled only for routers and not for hosts.
1 Processing is enabled for both routers and hosts.
NOTE: This sysctl was later removed from NetBSD-current on May 17 2007 and
the default was hard set to drop IPv6 type 0 packets. This sysctl may
disappear from future NetBSD releases.
The following instructions describe how to upgrade your kernel
by updating your source tree and rebuilding and installing a new version
of the kernel.
For more information on how to do this, see:
http://www.NetBSD.org/guide/en/chap-kernel.html
* NetBSD-current:
Systems running NetBSD-current dated from before 2007-04-22
should be upgraded to NetBSD-current dated 2007-04-23 or later.
The following files need to be updated from the
netbsd-current CVS branch (aka HEAD):
sys/netinet6/ip6_input.c
sys/netinet6/ip6_var.h
sys/netinet6/route6.c
share/man/man7/sysctl.7
To update from CVS, re-build, and re-install a kernel containing
the fix:
# cd src
# cvs update sys/netinet6/ip6_input.c
# cvs update sys/netinet6/ip6_var.h
# cvs update sys/netinet6/route6.c
# cvs update share/man/man7/sysctl.7
# build.sh tools kernel=KERNCONFFILE
* NetBSD 3.*:
Systems running NetBSD 3.* sources dated from before
2007-04-26 should be upgraded from NetBSD 3.* sources dated
2007-04-27 or later.
The following files need to be updated from the
netbsd-3, netbsd-3-0 or netbsd-3-1 branches:
sys/netinet6/ip6_input.c
sys/netinet6/ip6_var.h
sys/netinet6/route6.c
sbin/sysctl/sysctl.8
To update from CVS, re-build, and re-install a kernel containing
the fix:
# cd src
# cvs update -r <branch_name> sys/netinet6/ip6_input.c
# cvs update -r <branch_name> sys/netinet6/ip6_var.h
# cvs update -r <branch_name> sys/netinet6/route6.c
# cvs update -r <branch_name> sbin/sysctl/sysctl.8
# build.sh tools kernel=KERNCONFFILE
* NetBSD 2.*:
Systems running NetBSD 2.* sources dated from before
2007-06-04 should be upgraded from NetBSD 2.* sources dated
2007-06-05 or later.
The following files need to be updated from the
netbsd-2, netbsd-2-0 or netbsd-2-1 CVS branches:
sys/netinet6/ip6_input.c
sys/netinet6/ip6_var.h
sys/netinet6/route6.c
sbin/sysctl/sysctl.8
To update from CVS, re-build, and re-install a kernel containing
the fix:
# cd src
# cvs update -r <branch_name> sys/netinet6/ip6_input.c
# cvs update -r <branch_name> sys/netinet6/ip6_var.h
# cvs update -r <branch_name> sys/netinet6/route6.c
# cvs update -r <branch_name> sbin/sysctl/sysctl.8
# build.sh tools kernel=KERNCONFFILE
Thanks To
=========
Philippe Biondi and Arnaud Ebalard for discovering and reporting this problem.
Revision History
================
2007-09-13 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2007-005.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.
Copyright 2007, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: rt14129_RH0.txt,v 1.3 2007/08/18 20:37:42 mjf Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (NetBSD)
iQCVAwUBRuhdNz5Ru2/4N2IFAQLEkwP/Q8npU5jzm/s95MYHECcGTdW5xPOZu5Pv
UHd8W8/k8e7BygW8hhfrXZQjFmglDsdvkwQL5stPQeWNmYdJAe280UAwn6v+FoTw
LwraKzI82iV1tYhBGlq/TbrkGI4JOmEqpUqqSGtGDnrYT7ZgU0/87VGyHCftvOjE
e0KiJD5McZU=
=1z0U
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]