From owner-freebsd-net@FreeBSD.ORG Fri Apr 3 02:16:18 2015 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7FFCF3BA for ; Fri, 3 Apr 2015 02:16:18 +0000 (UTC) Received: from mail-wg0-x235.google.com (mail-wg0-x235.google.com [IPv6:2a00:1450:400c:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 19D82DFA for ; Fri, 3 Apr 2015 02:16:18 +0000 (UTC) Received: by wgra20 with SMTP id a20so100579806wgr.3 for ; Thu, 02 Apr 2015 19:16:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=Ydnta1NlMfzRvfHVKUMTtf9FI1GO//1K0BNBvQlQ/7o=; b=kX0rpvkSX/Ah8gfvFwAHCmt5PZWZT8gMdTeAjZEY1EqcJ9Mh6huOBxyhGgAuTw2n/r 5zZQpcdzgPMCOgAh7li0F5P+LUP/vHZBRwrEPuOKISqd5K3z1E43n5WPtwPCXVyXZnbn bNo8t10i728I5ftTpVhYCbaKRM1N9iDkvL5QE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=Ydnta1NlMfzRvfHVKUMTtf9FI1GO//1K0BNBvQlQ/7o=; b=PlhrjvXyYoVJ2R/BMQvWsp8Uwt1hS6WPNcm+lzqO+oY7HlLvkkedNaIw+9r0mtwBUr 20EL2dG8BoTSc1ehd+5zqG2CkSupzqN3AzaE470VNe+psZZGRHegR1MkzACzJSCni1le le2ZKD32x1ldF+fYGZm4zBpTSnOy7vXZviI5uPF/RvJXlkE07VK1sFuGXZ0UD5X98oId 0x48xLfvKZak/2Afd2wBeDzlp1DprZog7fFBzWXw7vGgT/HV/bDm4COYMuvb9RllBIIt v5EHhgf80kAumcJqwM6C+2Q+ha1wwA0/RzzpWYjVH4Mi/4UfX2wJ5ejOu8QiRWeQ2k3X jM7Q== X-Gm-Message-State: ALoCoQnrsz3BhR0WMlMvHNYE3G1Z2YGFGj3NvJkl8SNTBAjDcX+78Uxl6PmCzMR7tJetuzMQe6i0 X-Received: by 10.180.216.38 with SMTP id on6mr1235751wic.15.1428027375726; Thu, 02 Apr 2015 19:16:15 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.211.135 with HTTP; Thu, 2 Apr 2015 19:15:45 -0700 (PDT) In-Reply-To: References: From: Eitan Adler Date: Thu, 2 Apr 2015 19:15:45 -0700 Message-ID: Subject: Fwd: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages To: FreeBSD Security Team , "freebsd-net@freebsd.org" , ljungmark@modio.se, oss-security@lists.openwall.com Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Apr 2015 02:16:18 -0000 + FreeBSD lists since I haven't seen any relevant patches (although I might have missed them). ---------- Forwarded message ---------- From: D.S. Ljungmark Date: 2 April 2015 at 10:19 Subject: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages To: oss-security@lists.openwall.com An unprivileged user on a local network can use IPv6 Neighbour Discovery ICMP to broadcast a non-route with a low hop limit, this causing machines to lower the hop limit on existing IPv6 routes. Linux Patch: http://www.spinics.net/lists/netdev/msg322361.html Redhat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1203712 Projects impacted: Linux kernel, NetworkManager, FreeBSD Kernel Regards, D.S. Ljungmark -- Eitan Adler