Date: Fri, 19 Oct 2012 23:00:17 +0100 From: Steven Chamberlain <steven@pyro.eu.org> To: freebsd-net@freebsd.org Cc: Moritz Muehlenhoff <jmm@debian.org>, 690986@bugs.debian.org, 690986-forwarded@bugs.debian.org Subject: Debian Bug#690986: CVE-2012-5363 CVE-2012-5365 Message-ID: <5081CD71.2050709@pyro.eu.org> In-Reply-To: <20121019193436.5031.87058.reportbug@pisco.westfalen.local> References: <20121019193436.5031.87058.reportbug@pisco.westfalen.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On 19/10/12 20:34, Moritz Muehlenhoff wrote: > Two security issues were found in the kfreebsd network stack: > http://www.openwall.com/lists/oss-security/2012/10/10/8 > Issue #1 was assigned CVE-2012-5363 > Issue #2 was assigned CVE-2012-5365 Thank you for mentioning it. Issue #2 seems similar to CVE-2011-2393, which I assumed was only relevant where we'd set net.inet6.ip6.accept_rtadv=1, which isn't the upstream FreeBSD default. Issue #1 however might affect any FreeBSD system acting as an IPv6 router. If this can actually be confirmed, then the worst case I can imagine, is if a FreeBSD box acts as an IPv6 router for multiple interfaces, perhaps serving different users; any one of them might flood with Neighbour Solicitations on their local link and create a DoS affecting other interfaces. I found some code committed to OpenBSD (in 2008, uh-oh), supposedly from KAME (but I can't find it in their repository?), implementing per-interface and global limits on the number of prefixes/routes accepted via RA. I imagine that's the best way to avoid some or all of these issues. > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/in6_proto.c?sortby=date#rev1.56 Just recently it seems this was also committed to NetBSD HEAD: "4 new sysctls to avoid ipv6 DoS attacks from OpenBSD". I don't know of an easier way to link to a whole CVS commit, but here are (hopefully all) the changes to individual files: > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ip6_input.c.diff?r1=1.138&r2=1.139&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ip6_var.h.diff?r1=1.58&r2=1.59&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/nd6.c.diff?r1=1.142&r2=1.143&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/nd6.h.diff?r1=1.56&r2=1.57&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/icmp6.c.diff?r1=1.160&r2=1.161&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6.c.diff?r1=1.160&r2=1.161&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6_proto.c.diff?r1=1.96&r2=1.97&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6_var.h.diff?r1=1.64&r2=1.65&sortby=date&only_with_tag=MAIN > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/nd6_rtr.c.diff?r1=1.82&r2=1.83&sortby=date&only_with_tag=MAIN Regards, -- Steven Chamberlain steven@pyro.eu.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5081CD71.2050709>