Date:      Mon, 30 Apr 2007 20:48:44 -0400
From:      Kris Kennaway <kris@obsecurity.org>
To:        Michael Nottebrock <lofi@freebsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
Message-ID:  <20070501004843.GA70515@xor.obsecurity.org>
In-Reply-To: <200704302115.49754.lofi@freebsd.org>
References:  <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> <20070429052519.GB99449@svzserv.kemerovo.su> <200704302115.49754.lofi@freebsd.org>

On Mon, Apr 30, 2007 at 09:15:42PM +0200, Michael Nottebrock wrote:
> On Sunday, 29. April 2007, Eugene Grosbein wrote:
> > On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote:
> > > Umm maybe it's just me but I fail to see why this is a security advisory
> > > (initially caught this on the OBSD list).  You are following the RFC ..
> > > if you don't like "evil" packets, then drop them at the firewall or
> > > router layer ... don't see the need for an OS fix.
> >
> > Design flaw in the RFC still may be a security vulnerability, may it not?
> 
> The last "fix" for an IPv6 design flaw contributed by OpenBSD (disable
> IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effects 
> in a number of applications. Will this change have similar effects? I've 
> gathered by now that in OpenBSD there is little concern for such things.

This functionality required by RFC 2460 appears to be completely
unused by any RFC.

Kris


