tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

IPv6 DoS



Hi all,

i saw this vulnerability that was MFC'ed in OpenBSD:

 005: RELIABILITY FIX: May 31, 2013   All architectures
A local denial of service is possible by an unprivileged user if 
the SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a 
specially crafted parameter. 

Going through the netbsd in6.c code, it looks like netbsd is vulnerable
as well.

Patch on my netbsd-6 box:

Index: in6.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6.c,v
retrieving revision 1.159
diff -u -p -r1.159 in6.c
--- in6.c       19 Nov 2011 22:51:26 -0000      1.159
+++ in6.c       20 Aug 2013 19:28:26 -0000
@@ -465,6 +465,12 @@ in6_control1(struct socket *so, u_long c
        case SIOCGIFSTAT_ICMP6:
                sa6 = &ifr->ifr_addr;
                break;
+       case SIOCSIFADDR:
+               /*
+                * Do not pass this ioctl to driver handler since it is not
+                * properly setup. Instead just error out.
+                */
+               return (EOPNOTSUPP);
        default:
                sa6 = NULL;
                break;


Home | Main Index | Thread Index | Old Index