IPv6 DoS

To: tech-net%netbsd.org@localhost
Subject: IPv6 DoS
From: Loganaden Velvindron <logan%elandsys.com@localhost>
Date: Tue, 20 Aug 2013 12:43:05 -0700

Hi all,

i saw this vulnerability that was MFC'ed in OpenBSD:

 005: RELIABILITY FIX: May 31, 2013   All architectures
A local denial of service is possible by an unprivileged user if 
the SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a 
specially crafted parameter. 

Going through the netbsd in6.c code, it looks like netbsd is vulnerable
as well.

Patch on my netbsd-6 box:

Index: in6.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6.c,v
retrieving revision 1.159
diff -u -p -r1.159 in6.c
--- in6.c       19 Nov 2011 22:51:26 -0000      1.159
+++ in6.c       20 Aug 2013 19:28:26 -0000
@@ -465,6 +465,12 @@ in6_control1(struct socket *so, u_long c
        case SIOCGIFSTAT_ICMP6:
                sa6 = &ifr->ifr_addr;
                break;
+       case SIOCSIFADDR:
+               /*
+                * Do not pass this ioctl to driver handler since it is not
+                * properly setup. Instead just error out.
+                */
+               return (EOPNOTSUPP);
        default:
                sa6 = NULL;
                break;

Follow-Ups:
- Re: IPv6 DoS
  - From: Christos Zoulas

Prev by Date: Re: Network stress testing tools
Next by Date: Re: SOLVED: Multicast problems with bridge(4) ports
Previous by Thread: Network stress testing tools
Next by Thread: Re: IPv6 DoS
Indexes:

Home | Main Index | Thread Index | Old Index