[USN-1661-1] Linux kernel vulnerability

NoOp glgxg at sbcglobal.net
Tue Dec 11 20:03:22 UTC 2012


On 12/11/2012 09:38 AM, Kristian Erik Hermansen wrote:
> OK. This may be a dumb question, but I thought IPv6 did away with
> fragmentation precisely to prevent such security issues. What happened here?
> 
...
>     Summary:
> 
>     The system's firewall could be bypassed by a remote attacker.
> 
>     Software Description:
>     - linux: Linux kernel
> 
>     Details:
> 
>     Zhang Zuotao discovered a bug in the Linux kernel's handling of
>     overlapping fragments in ipv6. A remote attacker could exploit this
>     flaw to bypass firewalls and initiate new network connections that
>     should have been blocked by the firewall.

Actually, IPv6 did the opposite. You might find these interesting:

<http://www.openwall.com/lists/oss-security/2012/11/09/2>
References:
http://tools.ietf.org/rfc/rfc5722.txt
https://media.blackhat.com/bh-eu-12/Atlasis/bh-eu-12-Atlasis-Attacking_IPv6-WP.pdf
[Attacking IPv6 Implementation Using Fragmentation]

RFC 5722 is dated December 2009:
 Handling of Overlapping IPv6 Fragments

Abstract

   The fragmentation and reassembly algorithm specified in the base IPv6
   specification allows fragments to overlap.  This document
   demonstrates the security issues associated with allowing overlapping
   fragments and updates the IPv6 specification to explicitly forbid
   overlapping fragments.

My question would be: Given that RFC 5722 has been around for 3 years,
why are the kernel maintainers just now getting around to fixing this?
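As an added illustration of the rule RFC 5722 introduced (example code written for this page, not from the kernel, the USN, or either poster): a minimal Python model of IPv6 reassembly that discards the whole fragment queue on any overlap, instead of letting a later fragment overwrite an earlier one as the base specification permitted. `Fragment`, `find_overlap` and `reassemble_rfc5722` are names chosen here, and the sample queues are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Fragment:
    """One IPv6 fragment, reduced to the fields reassembly needs."""
    ident: int      # Identification field of the Fragment extension header
    offset: int     # Fragment Offset in 8-octet units, as carried on the wire
    more: bool      # M (More Fragments) flag
    payload: bytes  # bytes following the Fragment header

    @property
    def start(self) -> int:
        return self.offset * 8

    @property
    def end(self) -> int:
        return self.start + len(self.payload)


def find_overlap(frags: List[Fragment]) -> Optional[Tuple[Fragment, Fragment]]:
    """Return the first pair of fragments whose byte ranges overlap, else None.
    Any overlap counts, even when the overlapping bytes carry identical data."""
    placed = sorted(frags, key=lambda f: f.start)
    for a, b in zip(placed, placed[1:]):
        if b.start < a.end:
            return a, b
    return None


def reassemble_rfc5722(frags: List[Fragment]) -> Optional[bytes]:
    """Reassemble fragments sharing one Identification, or return None.
    RFC 5722 section 4: an overlapping fragment invalidates the whole
    reassembly queue. A queue with gaps, or without a final (M=0) piece,
    is incomplete and also yields nothing."""
    if not frags or len({f.ident for f in frags}) != 1:
        return None
    if find_overlap(frags) is not None:
        return None  # drop every fragment with this Identification
    placed = sorted(frags, key=lambda f: f.start)
    if placed[0].start != 0 or placed[-1].more:
        return None
    if any(b.start != a.end for a, b in zip(placed, placed[1:])):
        return None
    return b"".join(f.payload for f in placed)


# Constructed sample queues (not captured traffic).
CLEAN = [Fragment(7, 0, True, b"A" * 16), Fragment(7, 2, False, b"B" * 8)]
OVERLAP = [Fragment(7, 0, True, b"A" * 16), Fragment(7, 1, False, b"B" * 8)]
```

A firewall or IDS that applies the same check can log the offending pair from `find_overlap` and drop the queue, which is the behaviour the USN fix restores in the kernel.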