tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
IPv6 DoS
Hi all,
i saw this vulnerability that was MFC'ed in OpenBSD:
005: RELIABILITY FIX: May 31, 2013 All architectures
A local denial of service is possible by an unprivileged user if
the SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a
specially crafted parameter.
Going through the netbsd in6.c code, it looks like netbsd is vulnerable
as well.
Patch on my netbsd-6 box:
Index: in6.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6.c,v
retrieving revision 1.159
diff -u -p -r1.159 in6.c
--- in6.c 19 Nov 2011 22:51:26 -0000 1.159
+++ in6.c 20 Aug 2013 19:28:26 -0000
@@ -465,6 +465,12 @@ in6_control1(struct socket *so, u_long c
case SIOCGIFSTAT_ICMP6:
sa6 = &ifr->ifr_addr;
break;
+ case SIOCSIFADDR:
+ /*
+ * Do not pass this ioctl to driver handler since it is not
+ * properly setup. Instead just error out.
+ */
+ return (EOPNOTSUPP);
default:
sa6 = NULL;
break;
Home |
Main Index |
Thread Index |
Old Index