login
Search
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1NetBSD Security Advisory 2007-005
=================================Topic: IPv6 Type 0 Routing Header
Version: NetBSD-current: source prior to April 22, 2007
NetBSD 4.0_BETA2 affected
NetBSD 3.1: affected
NetBSD 3.0.*: affected
NetBSD 3.0: affected
NetBSD 2.1: affected
NetBSD 2.0.*: affected
NetBSD 2.0: affectedSeverity: Remote Denial of Service
Fixed: NetBSD-current: April 22, 2007
NetBSD-4 branch: April 28, 2007
(4.0 will include the fix)
NetBSD-3-1 branch April 26, 2007
(3.1.1 will include the fix)
NetBSD-3-0 branch: April 26, 2007
(3.0.3 will include the fix)
NetBSD-3 branch: April 26, 2007
NetBSD-2-1 branch: June 04, 2007
NetBSD-2-0 branch: June 04, 2007
NetBSD-2 branch: June 04, 2007Abstract
========A crafted IPv6 Type 0 Routing Header packet(s) can be used to launch a
denial of service attack on an IPv6 host.This vulnerability has been assigned CVE reference CVE-2007-2242.
Technical Details
=================A remote attacker can transmit crafted IPv6 packets using a Type 0 Routing
Header. The result is a type of denial of service attack known as a
traffic amplification attack where the bandwidth between the sending
and receiving hosts increases during the attack.Solutions and Workarounds
=========================To rectify these problems a kernel built from sources containing the
fixes must be installed and the system rebooted. The fixes introduce a
new sysctl(8) that can be used to control the processing of IPv6 type 0
packets. The new sysctl is named net.inet6.ip6.rht0 and has three possible
values:-1 Processing is disabled (default).
0 Processing is enabled only for routers and not for hosts.
1 Processing is enabled for both routers and hosts.NOTE: This sysctl was later removed from NetBSD-current on May 17 2007 and
the default was hard set to drop IPv6 type 0 packets. This sysctl may
disappear from future NetBSD releases.The following instructions describe how to upgrade your kernel
by updating your source tree and rebuilding and installing a new version
of the kernel.For more information on how to do this, see:
http://www.NetBSD.org/guide/en/chap-kernel.html
* NetBSD-current:
Systems running NetBSD-current dated from before 2007-04-22
should be upgraded to NetBSD-current dated 2007-04-23 or later.The following files need to be updated from the
netbsd-current CVS branch (aka HEAD):
sys/netinet6/ip6_input.c
sys/netinet6/ip6_var.h
sys/netinet6/route6.c
share/man/man7/sysctl.7To update from CVS, re-build, and re-install a kernel containing
the fix:# cd src
# cvs update sys/netinet6/ip6_input.c
# cvs update sys/netinet6/ip6_var.h
# cvs update sys/netinet6/route6.c
# cvs update share/man/man7/sysctl.7
# build.sh tools kernel=KERNCONFFILE* NetBSD 3.*:
Systems running NetBSD 3.* sources dated from before
2007-04-26 should be upgraded from NetBSD 3.* sources dated
2007-04-27 or later.The following files need to be updated from the
netbsd-3, netbsd-3-0 or netbsd-3-1 branches:
sys/netinet6/ip6_input.c
sys/netinet6/ip6_var.h
sys/netinet6/route6.c
sbin/sysctl/sysctl.8To update from CVS, re-build, and re-install a kernel containing
the fix:# cd src
# cvs update -r sys/netinet6/ip6_input.c
# cvs update -r sys/netinet6/ip6_var.h
# cvs update -r sys/netinet6/route6.c
# cvs update -r sbin/sysctl/sysctl.8
# build.sh tools kernel=KERNCONFFILE* NetBSD 2.*:
Systems running NetBSD 2.* sources dated from before
2007-06-04 should be upgraded from NetBSD 2.* sources dated
2007-06-05 or later.The following files need to be updated from the
netbsd-2, netbsd-2-0 or netbsd-2-1 CVS branches:
sys/netinet6/ip6_input.c
sys/netinet6/ip6_var.h
sys/netinet6/route6.c
sbin/sysctl/sysctl.8To update from CVS, re-build, and re-install a kernel containing
the fix:# cd src
# cvs update -r sys/netinet6/ip6_input.c
# cvs update -r sys/netinet6/ip6_var.h
# cvs update -r sys/netinet6/route6.c
# cvs update -r sbin/sysctl/sysctl.8
# build.sh tools kernel=KERNCONFFILEThanks To
=========Philippe Biondi and Arnaud Ebalard for discovering and reporting this problem.
Revision History
================2007-09-13 Initial release
More Information
================Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2007-005.tx...Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.Copyright 2007, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.$NetBSD: rt14129_RH0.txt,v 1.3 2007/08/18 20:37:42 mjf Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (NetBSD)iQCVAwUBRuhdNz5Ru2/4N2IFAQLEkwP/Q8npU5jzm/s95MYHECcGTdW5xPOZu5Pv
UHd8W8/k8e7BygW8hhfrXZQjFmglDsdvkwQL5stPQeWNmYdJAe280UAwn6v+FoTw
LwraKzI82iV1tYhBGlq/TbrkGI4JOmEqpUqqSGtGDnrYT7ZgU0/87VGyHCftvOjE
e0KiJD5McZU=
=1z0U
-----END PGP SIGNATURE-----
| David Miller | Re: Slow DOWN, please!!! |
| debian developer | Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 |
| Roland Dreier | Re: Integration of SCST in the mainstream Linux kernel |
| Ingo Molnar | Re: containers (was Re: -mm merge plans for 2.6.23) |
git: | |
| Jarek Poplawski | [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock(). |
| Josip Rodin | bnx2_poll panicking kernel |
| David Miller | [GIT]: Networking |
| Gerrit Renker | [PATCH 13/37] dccp: Deprecate Ack Ratio sysctl |
