lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 2 Oct 2008 11:07:48 +0300 (EEST)
From:	Pekka Savola <pekkas@...core.fi>
To:	netdev@...r.kernel.org
Subject: Neighbor Discovery from non-neighbors (fwd)

There is a bug in the Neighbor Discovery spec, and it's possible that 
Linux would also be similarly affected.  Anyone check?

For background discussion see: 
http://www.ietf.org/mail-archive/web/ipv6/current/msg09544.html

---------- Forwarded message ----------
Date: Thu, 2 Oct 2008 10:08:07 +0300 (EEST)
From: Pekka Savola <pekkas@...core.fi>
To: ipv6@...f.org
Subject: Neighbor Discovery from non-neighbors

FYI,

http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc

"IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's 
neighbor cache and forwarding information.  A malicious IPv6 node sharing a 
common router but on a different physical segment from another node may be able 
to spoof Neighbor Discovery messages, allowing it to update router information 
for the victim node."
...

"NOTE WELL: The solution described below causes IPv6 Neighbor Discovery 
Neighbor Solicitation messages from non-neighbors to be ignored. This can be 
re-enabled if required by setting the newly added 
net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to a non-zero value."

+		/*
+		 * According to recent IETF discussions, it is not a good idea
+		 * to accept a NS from an address which would not be deemed
+		 * to be a neighbor otherwise.  This point is expected to be
+		 * clarified in future revisions of the specification.
+		 */

I wonder if off-list discussion qualifies as "IETF discussion".  Or has this 
been raised on a list somewhere?

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/nd6_nbr.c.diff?r1=1.52;r2=1.53

I guess we have a problem.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@...f.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists