Bug#684072: CVE-2011-2393: ICMPv6 Router Announcement flooding DoS
forwarded 684072 http://www.freebsd.org/cgi/query-pr.cgi?pr=158726
--
The description of the problem is:
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
It happens only iff IPv6 autoconfiguration is enabled.
But we have only two choices:
a) allow autoconfiguration and trust the network to provide correct input
for autoconfiguration
b) disable autoconfiguration and configure interface manually
Whether autoconfiguration is enabled is controlled by sysctl.
The pristine FreeBSD has autoconfiguration disabled,
our kernel has it enabled to match Linux kernel behaviour:

  kfreebsd-8 (8.0-9) unstable; urgency=low

    [ Aurelien Jarno ]
    * Default to netinet6.ip6.v6only=0 and netinet6.ip6.accept_rtadv=1
      to match the Linux kernel defaults.

   -- Aurelien Jarno <aurel32@debian.org> Wed, 23 Jun 2010 21:31:54 +0200

What should we do?
Petr
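
Added example, not part of the original message or of the kfreebsd or FreeBSD code: a sketch of how a monitoring host could recognise the flood described above by counting distinct Router Advertisement sources in a sliding time window. The event tuples, addresses, prefixes and both thresholds are constructed assumptions.

```python
from collections import Counter, deque

# Hypothetical thresholds: tune to the number of routers really on the link.
WINDOW_MS = 10_000   # sliding window length in milliseconds
MAX_ROUTERS = 3      # distinct RA sources tolerated inside one window


def detect_ra_flood(events, window_ms=WINDOW_MS, max_routers=MAX_ROUTERS):
    """events: iterable of (timestamp_ms, source_address, advertised_prefix).

    Returns the timestamps at which the number of distinct RA sources seen
    within the window first exceeds max_routers (one entry per burst).
    """
    recent = deque()     # (timestamp, source) pairs still inside the window
    sources = Counter()  # source -> number of its events inside the window
    alerts = []
    flooding = False
    for ts, src, _prefix in sorted(events):
        recent.append((ts, src))
        sources[src] += 1
        # Expire events that have fallen out of the window.
        while ts - recent[0][0] > window_ms:
            _old_ts, old_src = recent.popleft()
            sources[old_src] -= 1
            if sources[old_src] == 0:
                del sources[old_src]
        over = len(sources) > max_routers
        if over and not flooding:
            alerts.append(ts)  # report only the start of each burst
        flooding = over
    return alerts


def sample_events():
    """Constructed sample: two periodic routers plus one burst at t=300s."""
    normal = [(t, "fe80::1", "2001:db8:1::/64") for t in (0, 200_000, 400_000)]
    normal += [(t, "fe80::2", "2001:db8:1::/64") for t in (5_000, 205_000, 405_000)]
    burst = [(300_000 + i * 10, f"fe80::dead:{i:x}", f"2001:db8:{i:x}::/64")
             for i in range(50)]
    return normal + burst


if __name__ == "__main__":
    for ts in detect_ra_flood(sample_events()):
        print(f"possible RA flood starting at t={ts} ms")
```

Counting distinct sources rather than raw packets keeps the periodic advertisements of the link's real routers from raising alerts.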