最新更新

月度热点

相关阅读

网络推荐



本广告位招租!

推荐给好友 上一篇 | 下一篇

安全通告:FreeBSD-SA-08:10.nd6

字号:        | 打印 发布: 2008-10-16 18:28    作者: 剑心通明    来源: 互联网    查看: 119次

Topic: IPv6 Neighbor Discovery Protocol routing vulnerabilityBSD爱好者乐园o_gClF
BSD爱好者乐园 {;U.el4U4R
Category: core
/b*p K6yQ&ND+r4A&ZModule: sys_netinet6
#v-h)Ala#B4A0vCAnnounced: 2008-10-01BSD爱好者乐园9[IE3D Y h\d(^Zs
Credits: David Miles
%GQ$Pe E)o,rmAffects: All supported versions of FreeBSD.
5s+_h!{u6?rCorrected: 2008-10-01 00:32:59 UTC (RELENG_7, 7.1-PRERELEASE)BSD爱好者乐园8v,M eS AQ},`9g
2008-10-01 00:32:59 UTC (RELENG_7_0, 7.0-RELEASE-p5)
*d`%X3fT2008-10-01 00:32:59 UTC (RELENG_6, 6.4-PRERELEASE)
a.O*{6|AZ&{8Q"P F2008-10-01 00:32:59 UTC (RELENG_6_3, 6.3-RELEASE-p5)BSD爱好者乐园yTl3jp rT0Q.F)YO
CVE Name: CVE-2008-2476BSD爱好者乐园%{,f#BI Vb0A

J2t,{Pd d&TFor general information regarding FreeBSD Security Advisories,BSD爱好者乐园+bd'P2h5T3`rP
including descriptions of the fields above, security branches, and the
\JT*zj+Z-Sfollowing sections, please visit <URL:http://security.FreeBSD.org/>.
;b#xq E\?BSD爱好者乐园P(K\:Aa9jTW?
I. Background
h%Jb c2`#l
5kiW-rwX7[cHIPv6 nodes use the Neighbor Discovery protocol to determine the link-layer
]x(F vRXmt5saddress of other nodes, find routers, and maintain reachability information.BSD爱好者乐园IRGG4I+? \
The Neighbor Discovery protocol uses Neighbor Solicitation (ICMPv6 type 135)BSD爱好者乐园(R4VcY D,MV
to query target nodes for their link-layer addresses.BSD爱好者乐园DPcl+e+utY7m#[

-U,Z b3Y MGm'dII. Problem Description
.M Uf Zw#D1LBSD爱好者乐园1f~{Kb2Z*Wp
IPv6 routers may allow "on-link" IPv6 nodes to create and update theBSD爱好者乐园U#B%E$gEhw/@7`
router's neighbor cache and forwarding information. A malicious IPv6 node
o8vW"]%x2R(Y8r }sharing a common router but on a different physical segment from anotherBSD爱好者乐园`-{%Ud+L
node may be able to spoof Neighbor Discovery messages, allowing it to update
P6y$]*z:q0y9Lrouter information for the victim node.
o I6ZKX
]d%TBaihm%pIII. Impact
"u#D&o&u5k4w^ g4Y
v0A?7TY}8kkAn attacker on a different physical network connected to the same IPv6BSD爱好者乐园[IY(J8\q-Zw
router as another node could redirect IPv6 traffic intended for that node.BSD爱好者乐园o0?p s@.R\;S w9bP O
This could lead to denial of service or improper access to private network
p6p)hY8X v3htraffic.BSD爱好者乐园x(^oYp

E qbbxIV. Workaround
2yN{ Zi@,aBSD爱好者乐园ea9K oY5fR
Firewall packet filters can be used to filter incoming NeighborBSD爱好者乐园z:bI%nI ?G{ I"Ll
Solicitation messages but may interfere with normal IPv6 operation if notBSD爱好者乐园D J |,M&{7G8l
configured carefully.BSD爱好者乐园M!T+@9ki
BSD爱好者乐园7eK]}]G/Y
Reverse path forwarding checks could be used to make gateways, such as
k7p b;Wm5drouters or firewalls, drop Neighbor Solicitation messages from
W APu:? b&ZOnodes with unexpected source addresses on a particular interface.BSD爱好者乐园M*W/_Ms _4r&O n
BSD爱好者乐园`N E&TU`4Y9V
IPv6 router administrators are encouraged to read RFC 3756 for furtherBSD爱好者乐园Ej;`4tT7g!?v
discussion of Neighbor Discovery security implications.BSD爱好者乐园Fh}jI^8\bO(Tt9q

cfr?Q R*IhgV. SolutionBSD爱好者乐园BSGc'_I} \q ~,m

0I` |I*E%_#GYNOTE WELL: The solution described below causes IPv6 Neighbor DiscoveryBSD爱好者乐园'\J V/TBe
Neighbor Solicitation messages from non-neighbors to be ignored.BSD爱好者乐园3i#c } SJ C(e)Q
This can be re-enabled if required by setting the newly addedBSD爱好者乐园`,n3Q:m k
net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to a non-zero value.
+l9`O4DN6Y$s?4v0L
S Ib7Q`~ah@lPerform one of the following:BSD爱好者乐园#dc j7dmN2PE

(d!_S {*gvfi0h5u1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
|Ybs R UWRELENG_7_0, or RELENG_6_3 security branch dated after the correction
(f3p-Mb;B(B5j0P:tdate.BSD爱好者乐园i*ah*h.ji m

"h;VeU#l2) To patch your present system:
!Io9_"Sf-F
eS)[/_G3J} GK:GpThe following patches have been verified to apply to FreeBSD 6.3 andBSD爱好者乐园1L8w"R,wg4~'{7`9x(O
7.0 systems.BSD爱好者乐园9Z.t ku pe

M`yI)u&}5o Vh"oa) Download the relevant patch from the location below, and verify the
Aa SSEdetached PGP signature using your PGP utility.
7mhh`f:~#h7TBSD爱好者乐园V,ex$Y&M:~y,^
[FreeBSD 6.3]
l%G!Bz-D1X!n)l# fetchhttp://security.FreeBSD.org/patches/SA-08:10/nd6-6.patch# fetchhttp://security.FreeBSD.org/patches/SA-08:10/nd6-6.patch.ascBSD爱好者乐园 Y;FpM+sw0y+K7P
[FreeBSD 7.0]
qH'N(Y!E}j ^2p'n# fetchhttp://security.FreeBSD.org/patches/SA-08:10/nd6-7.patch# fetchhttp://security.FreeBSD.org/patches/SA-08:10/nd6-7.patch.ascBSD爱好者乐园 msW ylB;g
b) Apply the patch.
Ol[:|_Nc2qI
P$uV9X(sP'Pw# cd /usr/src
sE2U gk'SR3^SOf# patch < /path/to/patch
*`'zJ{~3SBSD爱好者乐园0k7|f]6[D?,L-?Y
c) Recompile your kernel as described in
c5\#\%gdhW<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
#q2HaJ#D,Nsystem.BSD爱好者乐园^_hQa o O4]8s
BSD爱好者乐园/Tz&tw'i%L)JGNm
VI. Correction details
CVA o(X0b [q@BSD爱好者乐园J]I;k,M!J Rc M/?
The following list contains the revision numbers of each file that was
fu}-x&][Z!qwcorrected in FreeBSD.BSD爱好者乐园 du+I/s%j

\J5v.P IBranch RevisionBSD爱好者乐园9q`xk,SOod;EQA
Path
T!jY^z O.U(q-K- -------------------------------------------------------------------------
'pD`#j:R*D9d_/}RELENG_6BSD爱好者乐园GVG3dE5NH ?%i
src/sys/netinet6/in6.h 1.36.2.10
jG-fQ:gMsrc/sys/netinet6/in6_proto.c 1.32.2.10BSD爱好者乐园V$NU2N5v2B0X:f
src/sys/netinet6/nd6.h 1.19.2.4
K4M]bKf3k^-a~%wsrc/sys/netinet6/nd6_nbr.c 1.29.2.11
4KY._eh hRELENG_6_3BSD爱好者乐园q9q ?!MXx
src/UPDATING 1.416.2.37.2.10
-eZZ3x\V0D3ysrc/sys/conf/newvers.sh 1.69.2.15.2.9BSD爱好者乐园+E0o6}1n6@J m&{}
src/sys/netinet6/in6.h 1.36.2.8.2.1BSD爱好者乐园4O)H?\oj*m z z d
src/sys/netinet6/in6_proto.c 1.32.2.8.2.1
@W2W*j-g(Tj6msrc/sys/netinet6/nd6.h 1.19.2.2.6.1
JD$S[,I9W;O-jsrc/sys/netinet6/nd6_nbr.c 1.29.2.9.2.1
6GD5x3q:S9lGRELENG_7
N5ZM,nzD\src/sys/netinet6/in6.h 1.51.2.2
C!P d3J-qm%Mm!j_src/sys/netinet6/in6_proto.c 1.46.2.3
'n!C&fvhv6@src/sys/netinet6/nd6.h 1.21.2.2
8q7xyS U!N"gEYsrc/sys/netinet6/nd6_nbr.c 1.47.2.3BSD爱好者乐园B0_y S Pl#s
RELENG_7_0BSD爱好者乐园$\@'d#~'E
src/UPDATING 1.507.2.3.2.9BSD爱好者乐园Pm9r+H;V9T4W{ O9U']
src/sys/conf/newvers.sh 1.72.2.5.2.9BSD爱好者乐园1IsG7z+V%L'B
src/sys/netinet6/in6.h 1.51.4.1
5nJ%NG Gd/Uk nsrc/sys/netinet6/in6_proto.c 1.46.4.1BSD爱好者乐园*l l9jsf2Z
src/sys/netinet6/nd6.h 1.21.4.1BSD爱好者乐园B0d[xT,v
src/sys/netinet6/nd6_nbr.c 1.47.4.1BSD爱好者乐园9\tq/EWO(e
- -------------------------------------------------------------------------BSD爱好者乐园$e-|Dt{#~#Y3Do5}u
BSD爱好者乐园^!qA4U7l*_#bq
VII. References
-fm6`.?2V&v3TPBSD爱好者乐园s1@Qg/I
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476http://www.kb.cert.org/vuls/id/472363BSD爱好者乐园qyT ~ M"l
The latest revision of this advisory is available atBSD爱好者乐园ru [gHC'n
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:10.nd6.asc-----BEGIN PGP SIGNATURE-----
-T| K8MQVersion: GnuPG v1.4.9 (FreeBSD)
Z4Q&n w+a0R Y-kBSD爱好者乐园a3u6r;|aC_#CQ6g
iEYEARECAAYFAkjkF2cACgkQFdaIBMps37KWWgCZAfug94zPIdkzW0tdIdSDzH/0
tL:wtO2Nj18AnjypvJrRtzeQqhJkRU9wQWozgWvj
(Zwg.Z5g7u!u3gV mh7c=ieTiBSD爱好者乐园A IjWP!i
-----END PGP SIGNATURE-----
[版权声明]BSD爱好者乐园站内文章,如来源不是互联网,则均系原创或翻译之作,可随意转载,或以此为基础进行演译,但务必以链接形式注明原始出处和作者信息,否则属于侵权行为。另对本站转载他处文章,俱有说明,如有侵权请联系本人,本人将会在第一时间删除侵权文章。
TAG: patch 安全
 

评分:0

我来说两句

seccode