Bug #2581

IPv6 DoS

Added by logan1 11 months ago. Updated 10 months ago.

Status: Closed
Start date: 08/21/2013
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

OpenBSD recently fixed an issue:

"A local denial of service is possible by an unprivileged user if the SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a specially crafted parameter."

http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/005_in6.patch

NetBSD fixed this issue as well:

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6.c?rev=1.104&content-type=text/x-cvsweb-markup&only_with_tag=MAIN

Feedback?

dfly_in6_2.diff (527 Bytes) tuxillo, 08/22/2013 04:06 AM

dfly_in6_2.patch (527 Bytes) logan1, 08/22/2013 04:10 AM

dflybsd_ipv6.diff (439 Bytes) logan1, 09/18/2013 12:23 AM

History

#1 Updated by logan1 11 months ago

  • File dfly_in6_2.diff added

Updated diff to include another parameter that shouldn't be passed to ioctl().

Based on a similar diff from NetBSD.

#2 Updated by logan1 11 months ago

  • File deleted (dfly_in6_2.diff)

#3 Updated by logan1 11 months ago

  • File dfly_in6_2.diff added

2nd patch didn't go through properly.

Trying again.

#4 Updated by logan1 11 months ago

  • File deleted (dfly_in6_2.diff)

#5 Updated by logan1 11 months ago

  • File deleted (dflybsd_in6.diff)

#6 Updated by logan1 11 months ago

  • File dfly_in6_2.diff added

Latest diff.

#7 Updated by logan1 11 months ago

  • File deleted (dfly_in6_2.diff)

#8 Updated by logan1 11 months ago

  • File dfly_in6_2.patch added

#9 Updated by logan1 11 months ago

I give up. The patch gets garbled when I upload it.

I'm posting it on my personal website.
http://www.elandsys.com/~logan/dfly_in6_2.diff

#10 Updated by tuxillo 11 months ago

  • File deleted (dfly_in6_2.patch)

#11 Updated by tuxillo 11 months ago

#13 Updated by logan1 11 months ago

  • File dfly_in6_2.patch added

Attempt to attach diff again.

#14 Updated by logan1 11 months ago

From Chrome instead of Safari.

#15 Updated by logan1 11 months ago

  • File deleted (dfly_in6_2.patch)

#16 Updated by logan1 10 months ago

Add SIOCSIFBRDADDR & case SIOCSIFNETMASK as well as a safety measure (From FreeBSD).

#17 Updated by logan1 10 months ago

  • Status changed from New to Closed

Fixed in master.
