SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   OpenBSD Kernel Vendors:   OpenBSD
(OpenBSD Issues Fix) OpenBSD IPv6 MTU Processing Flaw Lets Remote Users Crash the Kernel
SecurityTracker Alert ID:  1008978
SecurityTracker URL:  http://securitytracker.com/id/1008978
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 8 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.3, 3.4
Description:   A denial of service vulnerability was reported in OpenBSD in the processing of IPv6 packets. A remote user can cause the system to crash.

Georgi Guninski reported that a remote user can send an IPv6 packet with a small MTU to the target system and then connect to the target system via TCP to cause the target system to crash.

NetBSD may also be affected.

Steps to reproduce the flaw are described in the Source Message.

The vendor was reportedly notified on February 1, 2004.

Impact:   A remote user can cause the target system to crash.
Solution:   The vendor has released a fix in the '-current' release. Also, patches are available for 3.4-stable and 3.3-stable at:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/011_ip6.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   Boundary error, Exception handling error

Message History:   This archive entry is a follow-up to the message listed below.
Feb 4 2004 OpenBSD IPv6 MTU Processing Flaw Lets Remote Users Crash the Kernel



 Source Message Contents

Subject:  IPv6 MTU handling problem


An IPv6 MTU handling problem has been reported by Georgi Guninski[1],
which could be used by an attacker to cause a denial of service attack
against hosts reachable through IPv6.

When the MTU (maximum transfer unit) for an IPv6 route is set very low,
the TCP stack will enter an endless recursion when the next TCP packet
is sent. This can be exploited remotely by sending ICMP6 'packet too
big' messages containing such low MTU values. The kernel will
effectively lock up, causing denial of service. It is not believed that
this problem can be used to execute arbitrary code.

IPv6 is enabled by default, but the problem can only be exploited
remotely against hosts which are reachable through IPv6. Hosts with
IPv4 connectivity only are not affected.

The problem is fixed in -current, patches for 3.4-stable and 3.3-stable
are available at

  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/011_ip6.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch

[1] http://www.guninski.com/obsdmtu.html


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC