Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6



> -----Original Message-----
> From: FreeBSD Security Advisories 
> [mailto:security-advisories@xxxxxxxxxxx] 
> Sent: Friday, April 27, 2007 3:50 AM
> To: Bugtraq
> Subject: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ==============================================================
> ===============
> FreeBSD-SA-07:03.ipv6                                       
> Security Advisory
>                                                           The 
> FreeBSD Project
> 
> Topic:          IPv6 Routing Header 0 is dangerous
> 
> Category:       core
> Module:         ipv6
> Announced:      2007-04-26
> Credits:        Philippe Biondi, Arnaud Ebalard, Jun-ichiro 
> itojun Hagino
> Affects:        All FreeBSD releases.
> Corrected:      2007-04-24 11:42:42 UTC (RELENG_6, 6.2-STABLE)
>                 2007-04-26 23:42:23 UTC (RELENG_6_2, 6.2-RELEASE-p4)
>                 2007-04-26 23:41:59 UTC (RELENG_6_1, 6.1-RELEASE-p16)
>                 2007-04-24 11:44:23 UTC (RELENG_5, 5.5-STABLE)
>                 2007-04-26 23:41:27 UTC (RELENG_5_5, 5.5-RELEASE-p12)
> CVE Name:       CVE-2007-2242
> 
> I.   Background
> 
> IPv6 provides a routing header option which allows a packet sender to
> indicate how the packet should be routed, overriding the 
> routing knowledge
> present in a network.  This functionality is roughly equivalent to the
> "source routing" option in IPv4.  All nodes in an IPv6 network -- both
> routers and hosts -- are required by RFC 2640 to process such headers.
> 
> II.  Problem Description
> 
> There is no mechanism for preventing IPv6 routing headers 
> from being used
> to route packets over the same link(s) many times.
> 
> III. Impact
> 
> An attacker can "amplify" a denial of service attack against 
> a link between
> two vulnerable hosts; that is, by sending a small volume of 
> traffic the
> attacker can consume a much larger amount of bandwidth between the two
> vulnerable hosts.
> 
> An attacker can use vulnerable hosts to "concentrate" a 
> denial of service
> attack against a victim host or network; that is, a set of 
> packets sent
> over a period of 30 seconds or more could be constructed such 
> that they
> all arrive at the victim within a period of 1 second or less.
> 
> Other attacks may also be possible.
> 
> IV.  Workaround
> 
> No workaround is available.
> 
> V.   Solution
> 
> NOTE WELL: The solution described below causes IPv6 type 0 
> routing headers
> to be ignored.  Support for IPv6 type 0 routing headers can 
> be re-enabled
> if required by setting the newly added 
> net.inet6.ip6.rthdr0_allowed sysctl
> to a non-zero value.
> 
> Perform one of the following:
> 
> 1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
> RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
> correction date.
> 
> 2) To patch your present system:
> 
> The following patches have been verified to apply to FreeBSD 5.5, 6.1,
> and 6.2 systems.
> 
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
> 
> # fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch
> # fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc
> 
> b) Apply the patch.
> 
> # cd /usr/src
> # patch < /path/to/patch
> 
> c) Recompile your kernel as described in
> <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
> system.
> 
> VI.  Correction details
> 
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
> 
> Branch                                                        
>    Revision
>   Path
> - 
> --------------------------------------------------------------
> -----------
> RELENG_5
>   src/sys/netinet6/in6.h                                      
>    1.35.2.5
>   src/sys/netinet6/in6_proto.c                                
>    1.29.2.5
>   src/sys/netinet6/route6.c                                   
>    1.10.4.2
> RELENG_5_5
>   src/UPDATING                                            
> 1.342.2.35.2.12
>   src/sys/conf/newvers.sh                                  
> 1.62.2.21.2.14
>   src/sys/netinet6/in6.h                                     
> 1.35.2.3.2.1
>   src/sys/netinet6/in6_proto.c                               
> 1.29.2.4.2.1
>   src/sys/netinet6/route6.c                                  
> 1.10.4.1.4.1
> RELENG_6
>   src/sys/netinet6/in6.h                                      
>    1.36.2.8
>   src/sys/netinet6/in6_proto.c                                
>    1.32.2.6
>   src/sys/netinet6/route6.c                                   
>    1.11.2.2
> RELENG_6_2
>   src/UPDATING                                             
> 1.416.2.29.2.7
>   src/sys/conf/newvers.sh                                   
> 1.69.2.13.2.7
>   src/sys/netinet6/in6.h                                     
> 1.36.2.7.2.1
>   src/sys/netinet6/in6_proto.c                               
> 1.32.2.5.2.1
>   src/sys/netinet6/route6.c                                  
> 1.11.2.1.4.1
> RELENG_6_1
>   src/UPDATING                                            
> 1.416.2.22.2.18
>   src/sys/conf/newvers.sh                                  
> 1.69.2.11.2.18
>   src/sys/netinet6/in6.h                                     
> 1.36.2.6.2.1
>   src/sys/netinet6/in6_proto.c                               
> 1.32.2.4.2.1
>   src/sys/netinet6/route6.c                                  
> 1.11.2.1.2.1
> - 
> --------------------------------------------------------------
> -----------
> 
> VII. References
> 
> http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
> 
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (FreeBSD)
> 
> iD4DBQFGMTlvFdaIBMps37IRApu3AJYsifWIDLcyxNcMdnkvw4nBqXFoAJ43+IzB
> M5sIdCmLQABByFlbMB2BjQ==
> =OrNf
> -----END PGP SIGNATURE-----
> 



 




Copyright © Lexa Software, 1996-2009.