
Thread: NetBSD Security Advisory 2007-005: IPv6 Type 0 Routing Header




2007-09-13 16:55:28


		 NetBSD Security Advisory 2007-005
		 =================================

Topic:		IPv6 Type 0 Routing Header

Version:	NetBSD-current:	source prior to April 22, 2007
		NetBSD 4.0_BETA2	affected
		NetBSD 3.1:		affected
		NetBSD 3.0.*:		affected
		NetBSD 3.0:		affected
		NetBSD 2.1:		affected
		NetBSD 2.0.*:		affected
		NetBSD 2.0:		affected

Severity:	Remote Denial of Service 

Fixed:		NetBSD-current:		April 22, 2007
		NetBSD-4 branch:	April 28, 2007
			(4.0 will include the fix)
		NetBSD-3-1 branch	April 26, 2007
			(3.1.1 will include the fix)
		NetBSD-3-0 branch:	April 26, 2007
			(3.0.3 will include the fix)
		NetBSD-3 branch:	April 26, 2007
		NetBSD-2-1 branch:	June 04, 2007
		NetBSD-2-0 branch:	June 04, 2007
		NetBSD-2 branch:	June 04, 2007

Abstract
========

A crafted IPv6 Type 0 Routing Header packet(s) can be used to launch a
denial of service attack on an IPv6 host.

This vulnerability has been assigned CVE reference CVE-2007-2242.

Technical Details
=================

A remote attacker can transmit crafted IPv6 packets using a Type 0 Routing
Header. The result is a type of denial of service attack known as a
traffic amplification attack where the bandwidth between the sending
and receiving hosts increases during the attack.

Solutions and Workarounds
=========================

To rectify these problems a kernel built from sources containing the
fixes must be installed and the system rebooted. The fixes introduce a
new sysctl(8) that can be used to control the processing of IPv6 type 0
packets. The new sysctl is named net.inet6.ip6.rht0 and has three possible
values:

	-1	Processing is disabled (default).
	 0	Processing is enabled only for routers and not for hosts.
	 1	Processing is enabled for both routers and hosts.

NOTE: This sysctl was later removed from NetBSD-current on May 17 2007 and
the default was hard set to drop IPv6 type 0 packets. This sysctl may
disappear from future NetBSD releases.

The following instructions describe how to upgrade your kernel
by updating your source tree and rebuilding and installing a new version
of the kernel.

For more information on how to do this, see:

    http://www.NetBSD.org/guide/en/chap-kernel.html

* NetBSD-current:

	Systems running NetBSD-current dated from before 2007-04-22
	should be upgraded to NetBSD-current dated 2007-04-23 or later.

	The following files need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		sys/netinet6/ip6_input.c
		sys/netinet6/ip6_var.h
		sys/netinet6/route6.c
		share/man/man7/sysctl.7

	To update from CVS, re-build, and re-install a kernel containing
	the fix:

		# cd src
		# cvs update sys/netinet6/ip6_input.c
		# cvs update sys/netinet6/ip6_var.h
		# cvs update sys/netinet6/route6.c
		# cvs update share/man/man7/sysctl.7
		# build.sh tools kernel=KERNCONFFILE

* NetBSD 3.*:

	Systems running NetBSD 3.* sources dated from before
	2007-04-26 should be upgraded from NetBSD 3.* sources dated
	2007-04-27 or later.

	The following files need to be updated from the
	netbsd-3, netbsd-3-0 or netbsd-3-1 branches:
		sys/netinet6/ip6_input.c
		sys/netinet6/ip6_var.h
		sys/netinet6/route6.c
		sbin/sysctl/sysctl.8	

	To update from CVS, re-build, and re-install a kernel containing
	the fix:

		# cd src
		# cvs update -r <branch_name> sys/netinet6/ip6_input.c
		# cvs update -r <branch_name> sys/netinet6/ip6_var.h
		# cvs update -r <branch_name> sys/netinet6/route6.c
		# cvs update -r <branch_name> sbin/sysctl/sysctl.8
		# build.sh tools kernel=KERNCONFFILE

* NetBSD 2.*:

	Systems running NetBSD 2.* sources dated from before
	2007-06-04 should be upgraded from NetBSD 2.* sources dated
	2007-06-05 or later.

	The following files need to be updated from the
	netbsd-2, netbsd-2-0 or netbsd-2-1 CVS branches:
		sys/netinet6/ip6_input.c
		sys/netinet6/ip6_var.h
		sys/netinet6/route6.c
		sbin/sysctl/sysctl.8	

	To update from CVS, re-build, and re-install a kernel containing
	the fix:

		# cd src
		# cvs update -r <branch_name> sys/netinet6/ip6_input.c
		# cvs update -r <branch_name> sys/netinet6/ip6_var.h
		# cvs update -r <branch_name> sys/netinet6/route6.c
		# cvs update -r <branch_name> sbin/sysctl/sysctl.8
		# build.sh tools kernel=KERNCONFFILE

Thanks To
=========

Philippe Biondi and Arnaud Ebalard for discovering and
reporting this problem.

Revision History
================

	2007-09-13	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
  ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2007-005.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.


Copyright 2007, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: rt14129_RH0.txt,v 1.3 2007/08/18 20:37:42 mjf Exp $

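Added example, not part of the advisory and not NetBSD's code: a small C check, of the kind a monitoring or filtering tool could use on hosts that cannot be rebuilt yet, that walks the IPv6 extension header chain of a raw packet and reports whether a Routing Header with Routing Type 0 is present. The function name `has_rh0`, the `SAMPLE` macro and the sample packets (documentation addresses under 2001:db8::) are constructed for illustration; AH and ESP are treated as the end of the chain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };

/* Walk the extension-header chain of a raw IPv6 packet (no link header).
 * Returns 1 if a Routing Header with Routing Type 0 is present, 0 if
 * none is found, -1 if the buffer is truncated or not IPv6. */
int has_rh0(const uint8_t *p, size_t len)
{
    if (len < 40 || (p[0] >> 4) != 6)
        return -1;
    uint8_t nh = p[6];              /* Next Header in the fixed header */
    size_t off = 40;                /* fixed IPv6 header length */
    for (;;) {
        if (nh != NH_HOPOPTS && nh != NH_ROUTING &&
            nh != NH_FRAGMENT && nh != NH_DSTOPTS)
            return 0;               /* upper layer (or AH/ESP) reached */
        if (len - off < 8)
            return -1;              /* extension headers are >= 8 bytes */
        if (nh == NH_ROUTING && p[off + 2] == 0)
            return 1;               /* Routing Type field is 0 */
        /* A non-first fragment carries no further headers to inspect. */
        if (nh == NH_FRAGMENT && (((p[off + 2] << 8) | p[off + 3]) >> 3) != 0)
            return 0;
        size_t hlen = (nh == NH_FRAGMENT) ? 8 : ((size_t)p[off + 1] + 1) * 8;
        if (hlen > len - off)
            return -1;              /* Hdr Ext Len points past the buffer */
        nh = p[off];
        off += hlen;
    }
}

/* Constructed samples: 2001:db8::1 -> 2001:db8::2 with one 24-byte routing
 * header (Hdr Ext Len 2, Segments Left 1) holding address 2001:db8::3. */
#define SAMPLE(rtype) { 0x60,0,0,0, 0,24, 43,64, \
    [8] = 0x20,0x01,0x0d,0xb8, [23] = 1, [24] = 0x20,0x01,0x0d,0xb8, [39] = 2, \
    [40] = 59, 2, (rtype), 1, \
    [48] = 0x20,0x01,0x0d,0xb8, [63] = 3 }
const uint8_t SAMPLE_RH0[64] = SAMPLE(0);   /* type 0: flagged */
const uint8_t SAMPLE_RH2[64] = SAMPLE(2);   /* type 2: not flagged */

int main(void)
{
    printf("RH0=%d RH2=%d truncated=%d\n", has_rh0(SAMPLE_RH0, 64),
           has_rh0(SAMPLE_RH2, 64), has_rh0(SAMPLE_RH0, 44));
    return 0;
}
```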
