Re: Bug#684072: CVE-2011-2393: ICMPv6 Router Announcement flooding DoS

Hi Petr,

On 31/08/12 20:06, Petr Salinger wrote:
> But we have only two choices
> a) allow autoconfiguration and trust the network to provide correct input
>    for autoconfiguration

These are only accepted link-locally, and if someone can flood the link
layer with bogus rtadv packets they could flood with anything and still
cause a DoS.  What really matters, I think, is that the system doesn't
crash and that _other_ network interfaces still function.

A safe, tunable limit on how many IPs/routes can be configured through
this mechanism seems sensible.

There was a patch proposed in PR/158726, which implements a _global_
limit.  But that still means bogus rtadv's received on one interface
could break autoconfiguration on another;  a per-interface limit would
be the only way to avoid that.

Unless upstream decide on a good way to patch this, we could choose to
ignore the issue (as something that must be handled by the sysadmin if
the situation arises), or:

> b) disable autoconfiguration and configure interface manually

But if someone is already relying on IPv6 autoconfiguration, changing
the default could leave their system inaccessible after a kernel update.

IPv6-only networks might also depend on this feature to perform a
network install.  If it is disabled by default, we ought to provide an
easy way to re-enable it.

And this wouldn't really fix anything anyway;  if someone needs to
enable rtadv on their system they become vulnerable to the same issue again.

Steven Chamberlain
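The global versus per-interface limit discussed in the message above, as an added example that is not part of the original message or of the PR/158726 patch. It models only the accounting; the cap values, the two-interface layout and all names are assumptions made for illustration.

```c
/* Added illustration: models only the limit accounting, not FreeBSD's nd6 code. */
#include <stdbool.h>
#include <stdio.h>

#define NIFS       2   /* hypothetical: interface 0 is flooded, 1 is healthy */
#define GLOBAL_MAX 16  /* assumed cap on RA-learned prefixes, system-wide */
#define PER_IF_MAX 16  /* assumed cap on RA-learned prefixes, per interface */

enum policy { LIMIT_GLOBAL, LIMIT_PER_IF };

struct ra_state {
    enum policy policy;
    unsigned per_if[NIFS];  /* prefixes installed per interface */
    unsigned total;         /* prefixes installed on all interfaces */
};

/* Decide whether a prefix advertised on interface ifidx gets installed. */
static bool ra_accept_prefix(struct ra_state *s, int ifidx)
{
    if (s->policy == LIMIT_GLOBAL && s->total >= GLOBAL_MAX)
        return false;
    if (s->policy == LIMIT_PER_IF && s->per_if[ifidx] >= PER_IF_MAX)
        return false;
    s->per_if[ifidx]++;
    s->total++;
    return true;
}

/* Feed `bogus` advertisements to interface 0, then one genuine advertisement
 * to interface 1; return whether the genuine prefix was installed. */
static bool healthy_if_survives(enum policy p, unsigned bogus, unsigned *kept)
{
    struct ra_state s = { .policy = p };
    for (unsigned i = 0; i < bogus; i++)
        (void)ra_accept_prefix(&s, 0);
    *kept = s.per_if[0];  /* state retained for the flooded interface */
    return ra_accept_prefix(&s, 1);
}

int main(void)
{
    unsigned kept;
    bool ok = healthy_if_survives(LIMIT_GLOBAL, 1000, &kept);
    printf("global limit: if0 keeps %u, if1 configured: %d\n", kept, ok);
    ok = healthy_if_survives(LIMIT_PER_IF, 1000, &kept);
    printf("per-if limit: if0 keeps %u, if1 configured: %d\n", kept, ok);
    return 0;
}
```

Both policies bound the state kept for the flooded interface, but only the per-interface counter leaves room for the second interface to autoconfigure.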

