[USN-1661-1] Linux kernel vulnerability

NoOp glgxg at sbcglobal.net
Tue Dec 11 20:03:22 UTC 2012

On 12/11/2012 09:38 AM, Kristian Erik Hermansen wrote:
> OK. This may be a dumb question, but I thought IPv6 did away with
> fragmentation precisely to prevent such security issues. What happened here?
>     Summary:
>     The system's firewall could be bypassed by a remote attacker.
>     Software Description:
>     - linux: Linux kernel
>     Details:
>     Zhang Zuotao discovered a bug in the Linux kernel's handling of
>     overlapping
>     fragments in ipv6. A remote attacker could exploit this flaw to bypass
>     firewalls and initial new network connections that should have been
>     blocked
>     by the firewall.

Actually, IPv6 did the opposite. You might find these interesting:

[Attacking IPv6 Implementation Using Fragmentation]

rfc5772 is dated December 2009:
 Handling of Overlapping IPv6 Fragments


   The fragmentation and reassembly algorithm specified in the base IPv6
   specification allows fragments to overlap.  This document
   demonstrates the security issues associated with allowing overlapping
   fragments and updates the IPv6 specification to explicitly forbid
   overlapping fragments.

My question would be: Given that RFC 5772 has been around for 3 years,
why are the kernel maintainers are just now getting around to fixing this?

More information about the ubuntu-users mailing list