turning off IPv6

Michal Ludvig michal at logix.cz
Thu Jul 6 23:12:23 UTC 2006


Christofer C. Bell wrote:
> Alexander, system security administration is always a balancing act
> between system security and user convenience.  The IPv6 stack has been
> part of the Linux kernel for nearly 6 years now (and possibly
> longer)[1] and yet no one has managed to find a security problem with
> it (at least that I've heard of).

Linux Kernel IPV6 Local Denial of Service Vulnerability:
http://www.securityfocus.com/bid/15156 (fixed in 2.6.14)

Linux Kernel IPv6 FlowLable Denial Of Service Vulnerability:
http://www.securityfocus.com/bid/15729

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability:
http://www.securityfocus.com/bid/12441

IIRC there was a remote DoS in the kernel around 2.6.12 (2.6.13?) as
well, but I can't find it right now.

To cut the flamewar short before it starts - I could find the same list
of IPv4-related problems. This is not to show that IPv6 is less secure
than IPv4, just to demonstrate that even if someone "hasn't heard of
problems", it doesn't mean these don't exist ;-)

Michal



