Project

General

Profile

Actions

Bug #2581

closed

IPv6 DoS

Added by logan1 over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08/21/2013
Due date:
% Done:

0%

Estimated time:

Description

OpenBSD recently fixed an issue:

"A local denial of service is possible by an unprivileged user if the SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a specially crafted parameter."

http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/005_in6.patch

NetBSD as well fixed this issue:

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6.c?rev=1.104&content-type=text/x-cvsweb-markup&only_with_tag=MAIN

Feedback ?


Files

dfly_in6_2.diff (527 Bytes) dfly_in6_2.diff tuxillo, 08/22/2013 04:06 AM
dfly_in6_2.patch (527 Bytes) dfly_in6_2.patch logan1, 08/22/2013 04:10 AM
dflybsd_ipv6.diff (439 Bytes) dflybsd_ipv6.diff logan1, 09/18/2013 12:23 AM
Actions #1

Updated by logan1 over 11 years ago

  • File dfly_in6_2.diff added

Updated diff to include another parameter that shouldn't be passed to ioctl().

Based on a similar diff from NetBSD.

Actions #2

Updated by logan1 over 11 years ago

  • File deleted (dfly_in6_2.diff)
Actions #3

Updated by logan1 over 11 years ago

  • File dfly_in6_2.diff added

2nd patch didn't go through properly.

Trying again.

Actions #4

Updated by logan1 over 11 years ago

  • File deleted (dfly_in6_2.diff)
Actions #5

Updated by logan1 over 11 years ago

  • File deleted (dflybsd_in6.diff)
Actions #6

Updated by logan1 over 11 years ago

  • File dfly_in6_2.diff added

latest diff.

Actions #7

Updated by logan1 over 11 years ago

  • File deleted (dfly_in6_2.diff)
Actions #8

Updated by logan1 over 11 years ago

  • File dfly_in6_2.patch added
Actions #9

Updated by logan1 over 11 years ago

I give up. patch gets garbled when I upload it.

I'm posting it on my personal website.
http://www.elandsys.com/~logan/dfly_in6_2.diff

Actions #10

Updated by tuxillo over 11 years ago

  • File deleted (dfly_in6_2.patch)
Actions #13

Updated by logan1 over 11 years ago

  • File dfly_in6_2.patch added

Attempt to attach diff again.

Actions #14

Updated by logan1 over 11 years ago

From Chrome instead of Safari.

Actions #15

Updated by logan1 over 11 years ago

  • File deleted (dfly_in6_2.patch)
Actions #16

Updated by logan1 over 11 years ago

Add SIOCSIFBRDADDR & case SIOCSIFNETMASK as well as a safety measure (From FreeBSD).

Actions #17

Updated by logan1 about 11 years ago

  • Status changed from New to Closed

fixed in master

Actions

Also available in: Atom PDF