[LAC-TF] Fwd: CVE-2016-1409: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Fernando Gont fgont at si6networks.com
Sun Aug 14 16:23:03 BRT 2016


Aparentemente, algunos dispositivos no descartan los paquetes de ND
recibidos cuando el Hop Limit != 255.

Esto, sumado a que implementar "ARP" sobre IP (como es el caso de ND)
permite que dicho trafico sea ruteable, lleva a cosas como estas.

En fin...

-------- Forwarded Message --------
Subject: CVE-2016-1409: IPv6 Neighbor Discovery Crafted Packet Denial of
Service Vulnerability
Date: Wed, 10 Aug 2016 17:52:16 +0000
From: Suresh Krishnan <suresh.krishnan at ericsson.com>
To: IETF IPv6 Mailing List <ipv6 at ietf.org>, IPv6 Operations
<v6ops at ops.ietf.org>, 6man-chairs at ietf.org <6man-chairs at ietf.org>,
v6ops-chairs at ietf.org <v6ops-chairs at ietf.org>

Hi all,
   I have been notified about this vulnerability and have been asked
whether this is due to an issue with the IPv6 protocol specifications.
At first glance, I have a hard time seeing how this attack is possible
on any compliant RFC4861 implementation given that the 255 Hop Limit
check would drop any remote attack packets. If someone on the 6man/v6ops
mailing lists has further info, can you please contact me off-list. My
goal is to figure out if there is any protocol work or operational
guidance needed from the IETF side.

More info:

This is the CVE list entry in question


The Cisco security advisory


The Juniper knowledge base entry



IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6

More information about the LACTF mailing list