Date: Mon, 30 Apr 2007 20:48:44 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Michael Nottebrock <lofi@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 Message-ID: <20070501004843.GA70515@xor.obsecurity.org> In-Reply-To: <200704302115.49754.lofi@freebsd.org> References: <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> <20070429052519.GB99449@svzserv.kemerovo.su> <200704302115.49754.lofi@freebsd.org>
index | next in thread | previous in thread | raw e-mail
On Mon, Apr 30, 2007 at 09:15:42PM +0200, Michael Nottebrock wrote: > On Sunday, 29. April 2007, Eugene Grosbein wrote: > > On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote: > > > Umm maybe its just but I fail to see why this is a security advisory > > > (initially caught this on the OBSD list). You are following the RFC .. > > > if you don't like "evil" packets, then drop them at the firewall or > > > router layer ... don't see the need for an OS fix. > > > > Design flow in the RFC still may be security vulnerability, doesn't it? > > The last "fix" for a IPv6 design flaw contributed by OpenBSD (disable > IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effects > in a number of applications. Will this change have similar effects? I've > gathered by now that in OpenBSD there is little concern for such things. This functionality required by RFC 2460 appears to be completely unused by any RFC. Krishome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070501004843.GA70515>