OpenBSD IPv6 remote vulnerability
OpenBSD 3.9 and 4.0 have fixed an issue to correct a problem in the IPv6 stack.
Source code patches are available at:
# vi /etc/pf.conf
The patch itself is a kernel patch, so you will need to recompile a kernel, install it and reboot the affected machines.
Update (Arrigo): the 3.9 patch applies cleanly to the 3.8, 3.7 and even 3.0 trees. No excuse not to patch older systems!
--
Swa Frantzen -- NET2S
Source code patches are available at:
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/010_m_dup1.patch
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/020_m_dup1.patch
# vi /etc/pf.conf
Add a line:# pfctl -f /etc/pf.conf
block drop in inet6 all
To load the new rules in the pf packet filter# pfctl -s rules
Check the rule got loaded in the runtime rules.The workaround does disable all incoming IPv6 packets on the machine.
The patch itself is a kernel patch, so you will need to recompile a kernel, install it and reboot the affected machines.
Update (Arrigo): the 3.9 patch applies cleanly to the 3.8, 3.7 and even 3.0 trees. No excuse not to patch older systems!
--
Swa Frantzen -- NET2S
Keywords:
0 comment(s)
×
Diary Archives
Comments