Contributed by jose on from the MTU-problems dept.
Date: Sun, 8 Feb 2004 00:54:54 +0100 From: Daniel Hartmeier
To: email@example.com Subject: IPv6 MTU handling problem An IPv6 MTU handling problem has been reported by Georgi Guninski, which could be used by an attacker to cause a denial of service attack against hosts reachable through IPv6. When the MTU (maximum transfer unit) for an IPv6 route is set very low, the TCP stack will enter an endless recursion when the next TCP packet is sent. This can be exploited remotely by sending ICMP6 'packet too big' messages containing such low MTU values. The kernel will effectively lock up, causing denial of service. It is not believed that this problem can be used to execute arbitrary code. IPv6 is enabled by default, but the problem can only be exploited remotely against hosts which are reachable through IPv6. Hosts with IPv4 connectivity only are not affected. The problem is fixed in -current, patches for 3.4-stable and 3.3-stable are available at ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/011_ip6.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch  http://www.guninski.com/obsdmtu.html
(Comments are closed)