BSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service
SecurityTracker Alert ID: 1017949
SecurityTracker URL: http://securitytracker.com/id?1017949
CVE Reference: CVE-2007-2242
Updated: Apr 27 2007
Original Entry Date: Apr 23 2007
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: OpenBSD Errata
Version(s): 3.9, 4.0
Description: A vulnerability was reported in IPv6, affecting OpenBSD and FreeBSD. A remote user can cause denial of service conditions.
A remote user can use IPv6 Type 0 route headers to conduct denial of service attacks against hosts and networks.
[Editor's note: The vendor indicates that this is a design flaw in IPv6 and not a flaw in OpenBSD.]
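A receive-side check for the Type 0 routing headers this alert describes, added here as an illustration; it is not the OpenBSD patch and not code from the advisory. It walks the extension header chain of a raw IPv6 packet using the RFC 2460 header layout; the names `find_rh0` and `build_sample` and all sample packets are constructed for the example.

```python
import struct

# IPv6 extension header protocol numbers that can precede a routing header.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60

def find_rh0(packet: bytes):
    """Return details of the first Type 0 routing header, or None if absent."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset = packet[6], 40          # fixed header is 40 bytes
    while next_hdr in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        # A fragment header is always 8 bytes; others are (ext_len + 1) * 8.
        size = 8 if next_hdr == FRAGMENT else (ext_len + 1) * 8
        if offset + size > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == ROUTING and packet[offset + 2] == 0:
            # Routing Type 0: each listed address occupies two 8-byte units.
            return {"segments_left": packet[offset + 3],
                    "addresses": ext_len // 2}
        if next_hdr == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:                   # not the first fragment, so
                return None                   # what follows is not a header
        next_hdr, offset = following, offset + size
    return None

def build_sample(first_next_hdr: int, ext_chain: bytes) -> bytes:
    """Constructed test packet using documentation-prefix addresses."""
    fixed = struct.pack("!IHBB", 6 << 28, len(ext_chain), first_next_hdr, 64)
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return fixed + src + dst + ext_chain

HOP = bytes.fromhex("20010db8000000000000000000000003")  # constructed address
RH0 = bytes([59, 4, 0, 2]) + bytes(4) + HOP * 2          # type 0, 2 addresses
RH2 = bytes([59, 2, 2, 1]) + bytes(4) + HOP              # type 2, not flagged
PADDED_HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])       # hop-by-hop + PadN

if __name__ == "__main__":
    print(find_rh0(build_sample(ROUTING, RH0)))
    print(find_rh0(build_sample(HOP_BY_HOP, PADDED_HBH + RH0)))
    print(find_rh0(build_sample(ROUTING, RH2)))
```

The check only sees a routing header carried in the first fragment of a fragmented packet; later fragments are reported as clean because their payload is not a header chain.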
Impact: A remote user can cause denial of service conditions.
Solution: OpenBSD has issued the following patches to provide protection against IPv6 Type 0 route header attacks:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/022_route6.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch
[Editor's note: A fix is also available for FreeBSD.
A separate Alert will be issued covering the FreeBSD advisory.]
Vendor URL: www.openbsd.org/
Cause: Resource error
Underlying OS: UNIX (OpenBSD)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Mon, 23 Apr 2007 11:19:26 -0400
Subject: OpenBSD
SECURITY FIX: April 23, 2007 All architectures
IPv6 type 0 route headers can be used to mount a DoS attack against hosts and networks.
This is a design flaw in IPv6 and not a bug in OpenBSD.
A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/022_route6.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch