lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20130820.001210.545160050042572433.davem@davemloft.net>
Date:	Tue, 20 Aug 2013 00:12:10 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	hannes@...essinduktion.org
Cc:	netdev@...r.kernel.org, dingtianhong@...wei.com, kargig@...d.gr,
	ppandit@...hat.com, yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH net] ipv6: remove max_addresses check from
 ipv6_create_tempaddr

From: Hannes Frederic Sowa <hannes@...essinduktion.org>
Date: Fri, 16 Aug 2013 13:02:27 +0200

> Because of the max_addresses check attackers were able to disable privacy
> extensions on an interface by creating enough autoconfigured addresses:
> 
> <http://seclists.org/oss-sec/2012/q4/292>
> 
> But the check is not actually needed: max_addresses protects the
> kernel to install too many ipv6 addresses on an interface and guards
> addrconf_prefix_rcv to install further addresses as soon as this limit
> is reached. We only generate temporary addresses in direct response of
> a new address showing up. As soon as we filled up the maximum number of
> addresses of an interface, we stop installing more addresses and thus
> also stop generating more temp addresses.
> 
> Even if the attacker tries to generate a lot of temporary addresses
> by announcing a prefix and removing it again (lifetime == 0) we won't
> install more temp addresses, because the temporary addresses do count
> to the maximum number of addresses, thus we would stop installing new
> autoconfigured addresses when the limit is reached.
> 
> This patch fixes CVE-2013-0343 (but other layer-2 attacks are still
> possible).
> 
> Thanks to Ding Tianhong to bring this topic up again.
> 
> Cc: Ding Tianhong <dingtianhong@...wei.com>
> Cc: George Kargiotakis <kargig@...d.gr>
> Cc: P J P <ppandit@...hat.com>
> Cc: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
> Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>

Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ