Date: Fri, 3 Apr 2015 13:57:02 +0400
From: Loganaden Velvindron <loganaden@gmail.com>
To: oss-security@lists.openwall.com
Cc: Eitan Adler <lists@eitanadler.com>, Jim Thompson <jim@netgate.com>, FreeBSD Security Team <secteam@freebsd.org>, "freebsd-net@freebsd.org" <net@freebsd.org>
Subject: Re: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages
Message-ID: <CAOp4FwRaCkVWVeDtX-hy22Gm8xB=SMbz=fxWkwz4QqgvLU8ayw@mail.gmail.com>
In-Reply-To: <CAO0vwOV33zHW=z4FDHq91yX5UHxnDKtXnzqzkYCrR%2Bkoxh1d9g@mail.gmail.com>
References: <CAO0vwOXOPSGb8xWiutn%2Br%2BrXhSQc3SwC8-S2bkpRZuRAvDOyHw@mail.gmail.com>
 <CAF6rxgk6e1rT3prS3SS4FthshnVQdSrrE%2BbB65ps6Tx30UznAA@mail.gmail.com>
 <942E0C08-E883-429E-9F27-22715C00B684@netgate.com>
 <CAO0vwOV33zHW=z4FDHq91yX5UHxnDKtXnzqzkYCrR%2Bkoxh1d9g@mail.gmail.com>

On Fri, Apr 3, 2015 at 1:54 PM, D.S. Ljungmark <ljungmark@modio.se> wrote:
> On Fri, Apr 3, 2015 at 6:06 AM, Jim Thompson <jim@netgate.com> wrote:
>> have you considered that there might not be a relevant patch because FreeBSD’s implementation isn’t affected?
>
> sys/netinet6/nd6_rtr.c
>
> 300         if (nd_ra->nd_ra_curhoplimit)
> 301                 ndi->chlim = nd_ra->nd_ra_curhoplimit;
>
> The only "OUT" in that function I see are tests for:
>   Not accepting RA
>   hoplimit on current packet != 255
>   not link-local
>   No extended ipv6 header

It is vulnerable. Harrison Grundy and I worked on a patch, and sent it
to secteam@.

>
>
> Based on previous testing ( early March 2015), and reading of the
> source, I say that FreeBSD is vulnerable.
>
>
> Regards,
>  D.S. Ljungmark
>
>
>>
>> Jim
>>
>>> On Apr 2, 2015, at 9:15 PM, Eitan Adler <lists@eitanadler.com> wrote:
>>>
>>> + FreeBSD lists since I haven't seen any relevant patches (although I
>>> might have missed them).
>>>
>>> ---------- Forwarded message ----------
>>> From: D.S. Ljungmark <ljungmark@modio.se>
>>> Date: 2 April 2015 at 10:19
>>> Subject: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages
>>> To: oss-security@lists.openwall.com
>>>
>>>
>>> An unprivileged user on a local network can use IPv6 Neighbour
>>> Discovery ICMP to broadcast a non-route with a low hop limit, this
>>> causing machines to lower the hop limit on existing IPv6 routes.
>>>
>>> Linux Patch: http://www.spinics.net/lists/netdev/msg322361.html
>>> Redhat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1203712
>>>
>>> Projects impacted: Linux kernel, NetworkManager, FreeBSD Kernel
>>>
>>>
>>> Regards,
>>>  D.S. Ljungmark
>>>
>>>
>>> --
>>> Eitan Adler
>>> _______________________________________________
>>> freebsd-net@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>

-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
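
The check quoted in the thread next to one hardened alternative, as an added example that is not part of the original message and is not the patch sent to secteam@. The function names, the 32-hop floor and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_ROUTER_ADVERT 134  /* ICMPv6 type of a Router Advertisement */
#define RA_FIXED_LEN     16   /* fixed RA header length (RFC 4861, 4.2) */
#define RA_MIN_HOPLIMIT  32   /* hypothetical local policy floor */

/* Return the Cur Hop Limit field (byte 4) of an ICMPv6 RA, or -1 if the
 * buffer is not a complete RA header. */
int ra_curhoplimit(const uint8_t *icmp6, size_t len)
{
    if (icmp6 == NULL || len < RA_FIXED_LEN ||
        icmp6[0] != ND_ROUTER_ADVERT || icmp6[1] != 0)
        return -1;
    return icmp6[4];
}

/* Behaviour quoted in the thread: any non-zero advertised value
 * replaces the interface hop limit. */
uint8_t chlim_unchecked(uint8_t chlim, int adv)
{
    return adv > 0 ? (uint8_t)adv : chlim;
}

/* Hardened variant (assumed policy): 0 means "unspecified"; non-zero
 * values under the floor are ignored and counted for logging. */
uint8_t chlim_floor(uint8_t chlim, int adv, unsigned *rejected)
{
    if (adv <= 0)
        return chlim;
    if (adv < RA_MIN_HOPLIMIT) {
        if (rejected)
            (*rejected)++;
        return chlim;
    }
    return (uint8_t)adv;
}

/* Constructed sample: fixed RA header with Cur Hop Limit = 1. */
static const uint8_t sample_ra[RA_FIXED_LEN] = { 134, 0, 0, 0, 1 };

int main(void)
{
    unsigned rejected = 0;
    int adv = ra_curhoplimit(sample_ra, sizeof sample_ra);
    printf("unchecked: %u\n", chlim_unchecked(64, adv));
    printf("floor:     %u (rejected %u)\n",
           chlim_floor(64, adv, &rejected), rejected);
    return 0;
}
```

The rejected counter gives a hook for rate-limited logging, so a host that keeps receiving low hop limit advertisements leaves a trace for the operator.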