Full Disclosure mailing list archives
Remote openbsd crash with ip6, yet still openbsd much better than windows
From: Georgi Guninski <guninski () guninski com>
Date: Wed, 4 Feb 2004 18:08:53 +0200
Georgi Guninski security advisory #66, 2004 Remote openbsd crash with ip6, yet still openbsd much better than windows Systems affected: tested on openbsd 3.4 not clear about netbsd freebsd not vulnerable Risk: Medium Date: 4 February 2004 Legal Notice: This Advisory is Copyright (c) 2004 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it or distribute parts of it without the author's written permission - this especially applies to so called "vulnerabilities databases" and securityfocus, microsoft, cert and mitre. If you want to link to this content use the URL: http://www.guninski.com/obsdmtu.html Anything in this document may change without notice. Disclaimer: The information in this advisory is believed to be true though it may be false. The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory or program. Georgi Guninski bears no responsibility for content or misuse of this advisory or program or any derivatives thereof. Description: It is possible to remotely crash openbsd 3.4 if the host receives icmpv6 and there is a listening tcp port. quoting de raadt: "it is just a crash." remote crash which screws the kernel. unknown whether this may be exploited for code execution. Details: The problem is triggered by setting small ipv6 mtu and then doing tcp connect. How to reproduce: Patch linux kernel 2.4.24 net/ipv6/icmp.c : case ICMPV6_ECHO_REPLY: /* we coulnd't care less */ icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro ping6 openbsd ssh -6 openbsd Workaround: It is believed that openbsd current is not vulnerable. netbsd current also seems to have related changes. check: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_output.c?sortby=date Vendor status: open, net and freebsd were notified Sun, 1 Feb 2004 16:35:56 +0200 Georgi Guninski http://www.guninski.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Remote openbsd crash with ip6, yet still openbsd much better than windows Georgi Guninski (Feb 04)
- Re: Remote openbsd crash with ip6, yet still openbsd much better than windows Georgi Guninski (Feb 05)