From owner-freebsd-security@FreeBSD.ORG  Tue May  1 00:48:45 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 50A6516A401;
	Tue,  1 May 2007 00:48:45 +0000 (UTC)
	(envelope-from kris@obsecurity.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.freebsd.org (Postfix) with ESMTP id 3EF8B13C448;
	Tue,  1 May 2007 00:48:45 +0000 (UTC)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196])
	by elvis.mu.org (Postfix) with ESMTP id E4BD21A4DBA;
	Mon, 30 Apr 2007 17:49:16 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 6F1C4513AD; Mon, 30 Apr 2007 20:48:44 -0400 (EDT)
Date: Mon, 30 Apr 2007 20:48:44 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: Michael Nottebrock <lofi@freebsd.org>
Message-ID: <20070501004843.GA70515@xor.obsecurity.org>
References: <200704262349.l3QNnmro085350@freefall.freebsd.org>
	<4633BDE9.7080103@yahoo.com>
	<20070429052519.GB99449@svzserv.kemerovo.su>
	<200704302115.49754.lofi@freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200704302115.49754.lofi@freebsd.org>
User-Agent: Mutt/1.4.2.2i
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2007 00:48:45 -0000

On Mon, Apr 30, 2007 at 09:15:42PM +0200, Michael Nottebrock wrote:
> On Sunday, 29. April 2007, Eugene Grosbein wrote:
> > On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote:
> > > Umm maybe its just but I fail to see why this is a security advisory
> > > (initially caught this on the OBSD list).  You are following the RFC ..
> > > if you don't like "evil" packets, then drop them at the firewall or
> > > router layer ... don't see the need for an OS fix.
> >
> > Design flow in the RFC still may be security vulnerability, doesn't it?
> 
> The last "fix" for a IPv6 design flaw contributed by OpenBSD (disable 
> IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effects 
> in a number of applications. Will this change have similar effects? I've 
> gathered by now that in OpenBSD there is little concern for such things.

This functionality required by RFC 2460 appears to be completely
unused by any RFC.

Kris