Date: Wed, 7 Aug 2019 13:06:17 -0400
From: Mike Tancsa <mike@sentex.net>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2
Message-ID: <d172247e-1602-ade2-02e6-f9adebe18cab@sentex.net>
In-Reply-To: <20190806183211.EE35BEE16@freefall.freebsd.org>
References: <20190806183211.EE35BEE16@freefall.freebsd.org>

Does anyone have any more details about the implication of this? e.g. does a
daemon need to be listening on a target device? Is it merely the act of
forwarding such packets? Can a non root user open such a daemon?

Thanks,

---Mike

> =============================================================================
> FreeBSD-SA-19:19.mldv2                                      Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          ICMPv6 / MLDv2 out-of-bounds memory access
> MLDv2 is the Multicast Listener Discovery protocol, version 2.  It is used
> by IPv6 routers to discover multicast listeners.
>
> II.  Problem Description
>
> The ICMPv6 input path incorrectly handles cases where an MLDv2 listener
> query packet is internally fragmented across multiple mbufs.
>
> III. Impact
>
> A remote attacker may be able to cause an out-of-bounds read or write that
> may cause the kernel to attempt to access an unmapped page and subsequently
> panic.