
SANS ISC: OpenBSD IPv6 remote vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


OpenBSD IPv6 remote vulnerability
OpenBSD has released fixes for 3.9 and 4.0 that correct a problem in the IPv6 stack.

Source code patches are available at:
As a workaround, if you do not need IPv6, you can use the following (it will block all IPv6):

# vi /etc/pf.conf
Add a line:
block drop in inet6 all
# pfctl -f /etc/pf.conf
This loads the new rules into the pf packet filter.
# pfctl -s rules
Check that the rule was loaded into the runtime rules.
Note that the workaround blocks all incoming IPv6 packets on the machine.
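
The final check can be scripted. The following is an added example, not part of the original diary: because pf applies the last matching rule unless an earlier match carries "quick", it tests whether the workaround rule actually wins for inbound IPv6. The function name check_inet6_block and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the diary). Reads a pf ruleset on stdin, e.g. the
# output of `pfctl -s rules`, and prints one of: blocked, overridden, missing.
# pf applies the LAST matching rule, unless an earlier match has "quick".
# Heuristic only: anchors, tables and per-interface rules are not evaluated,
# and only the workaround rule itself is counted as a block (conservative).
check_inet6_block() {
    awk '
    function has(word,   i) {
        for (i = 1; i <= NF; i++) if ($i == word) return 1
        return 0
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        # The workaround rule: block drop in inet6 all (not tied to "on <if>").
        blk = ($1 == "block" && has("in") && has("inet6") && has("all") \
               && !has("on"))
        # A pass rule can match inbound IPv6 unless limited to "out" or "inet".
        pas = ($1 == "pass" && !has("out") && !has("inet"))
        if (blk) seen = 1
        if (decided || !(blk || pas)) next
        winner = blk ? "blocked" : "overridden"
        if (has("quick")) decided = 1      # quick stops rule evaluation
    }
    END {
        verdict = seen ? winner : "missing"
        print verdict
        exit (verdict == "blocked" ? 0 : 1)
    }'
}

# Constructed sample: the SSH pass rule names no address family, so it also
# matches IPv6 and, being later in the ruleset, wins over the workaround rule.
check_inet6_block <<'EOF' || echo "inbound IPv6 is not fully blocked"
block drop in inet6 all
pass in proto tcp from any to any port 22
EOF
```

On an affected machine the input would be `pfctl -s rules | check_inet6_block`; a result other than "blocked" means the rule should be moved to the end of the ruleset or a later pass rule restricted to inet.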

The patch itself is a kernel patch, so you will need to recompile a kernel, install it and reboot the affected machines.

--
Swa Frantzen -- NET2S