Bug#421595: Please disallow Routing Header Type 0 by default (CVE-2007-2242)

To: Alexander Wirt <formorer@formorer.de>, 421595@bugs.debian.org
Subject: Bug#421595: Please disallow Routing Header Type 0 by default (CVE-2007-2242)
From: maximilian attems <max@stro.at>
Date: Mon, 30 Apr 2007 14:57:11 +0200
Message-id: <[🔎] 20070430125711.GC26425@baikonur.stro.at>
Reply-to: maximilian attems <max@stro.at>, 421595@bugs.debian.org
In-reply-to: <[🔎] 20070430123506.GA9927@formorer.de>
References: <[🔎] 20070430123506.GA9927@formorer.de>

On Mon, Apr 30, 2007 at 02:35:06PM +0200, Alexander Wirt wrote:
> Package: linux-2.6
> Severity: grave
> Tags: security
> 
> 
> The IPv6 protocol allows remote attackers to cause a denial of service via
> crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network
> amplification between two routers. 
> 
> There was already a patch for 2.6.20.9
> (010831ab8436dfd9304b203467566fb6b135c24f). Please apply this patch to all
> debian kernels. 

applied since some days in current trunk 2.6.21


best regards

--
maks

Reply to:

References:
- Bug#421595: Please disallow Routing Header Type 0 by default (CVE-2007-2242)
  - From: Alexander Wirt <formorer@formorer.de>

Prev by Date: Bug#421595: Please disallow Routing Header Type 0 by default (CVE-2007-2242)
Next by Date: Bug#421592: bootplash script has error
Previous by thread: Bug#421595: Please disallow Routing Header Type 0 by default (CVE-2007-2242)
Next by thread: Bug#421611: linux-image-2.6.20-1-amd64: sata_nv is broken on 2.6.20 but not in 2.6.18, same SATA DVD RW-Drive works on SIL 3114 (sata_sil)
Index(es):
- Date
- Thread