Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: OpenBSD IPv6 remote vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenBSD IPv6 remote vulnerability
OpenBSD 3.9 and 4.0 have fixed an issue to correct a problem in the IPv6 stack.

Source code patches are available at:
For  workarounds, and if you do not need IPv6, you can use the following (it will block all IPv6):

# vi /etc/pf.conf
Add a line:
block drop in inet6 all
# pfctl -f /etc/pf.conf
To load the new rules in the pf packet filter
# pfctl -s rules
Check the rule got loaded in the runtime rules.
The workaround does disable all incoming IPv6 packets on the machine.

The patch itself is a kernel patch, so you will need to recompile a kernel, install it and reboot the affected machines.

--
Swa Frantzen -- NET2S
Swa

760 Posts
Mar 14th 2007

Sign Up for Free or Log In to start participating in the conversation!