IPv6 Type 0 routing header denial of service

ipv6-type0-dos (33851)

Low Risk

Description:

The IPv6 protocol could allow a remote attacker to cause a denial of service. By sending an IPv6 packet containing a specially-crafted Type 0 routing header, a remote attacker could create network amplification between two devices, resulting in a denial of service.

Platforms Affected:

• Canonical, Ubuntu 6.06 LTS
• Canonical, Ubuntu 6.10
• IETF, IPv6
• MandrakeSoft, Mandrake Linux 2007 X86_64
• MandrakeSoft, Mandrake Linux 2007
• MandrakeSoft, Mandrake Linux 2007.1
• MandrakeSoft, Mandrake Linux 2007.1 X86_64
• MandrakeSoft, Mandrake Linux 2008.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 4.0
• MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
• MandrakeSoft, Mandrake Multi Network Firewall 2.0
• NetBSD, NetBSD 2.0
• NetBSD, NetBSD 2.0.1
• NetBSD, NetBSD 2.0.2
• NetBSD, NetBSD 2.0.3
• NetBSD, NetBSD 2.0.4
• NetBSD, NetBSD 2.1
• NetBSD, NetBSD 3.0
• NetBSD, NetBSD 3.0.1
• NetBSD, NetBSD 3.0.2
• NetBSD, NetBSD 3.1
• NetBSD, NetBSD 4.0 beta2
• Novell, SLE SDK 10 SP1
• Novell, SUSE Linux Enterprise Desktop 10 SP1
• Novell, SUSE Linux Enterprise Server 10
• Novell, SUSE Linux Enterprise Server 10 SP1
• OpenBSD, OpenBSD 3.9
• OpenBSD, OpenBSD 4.0
• RedHat, Enterprise Linux 5 Client Workstation
• RedHat, Enterprise Linux 5
• RedHat, Enterprise Linux 5 Client
• RedHat, Enterprise Linux Desktop 5.0
• SuSE, SLE SDK 10
• SuSE, SuSE Linux 10.1

Remedy:

Upgrade to the latest version of Linux kernel (2.6.20.9 or 2.6.21 or later), available from the Linux Kernel Archives Web site. See References.

For OpenBSD 3.9:
Refer to OpenBSD 3.9 errata for patch information. See References.

For OpenBSD 4.0:
Refer to OpenBSD 4.0 errata for patch information. See References.

For Red Hat Linux (kernel):
Refer to RHSA-2007:0347 for patch, upgrade, or suggested workaround information. See References.

For Mac OS X:
Refer to Mac OS X 10.4.10 Security Update for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (kernel):
Refer to MDKSA-2007:171 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux (linux-source):
Refer to USN-508-1 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux (kernel):
Refer to SUSE-SA:2007:051 for patch, upgrade, or suggested workaround information. See References.

For NetBSD:
Refer to NetBSD-SA2007-005 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for patch or upgrade information.

Consequences:

Denial of Service

References:

• Apple Web site, About the security content of AirPort Extreme Base Station with 802.11n Firmware 7.2.1 at http://docs.info.apple.com:80/article.html?artnum=306375.
• FreeBSD-SA-07:03.ipv6 , IPv6 Routing Header 0 is dangerous at http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc.
• Mac OS X 10.4.10 Security Update, About the security content of the Mac OS X 10.4.10 Update at http://docs.info.apple.com/article.html?artnum=305712.
• NetBSD-SA2007-005, IPv6 Type 0 Routing Header at ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-005.txt.asc.
• OpenBSD 3.9 errata, 022: SECURITY FIX: April 23, 2007 at http://openbsd.org/errata39.html#022_route6.
• OpenBSD 4.0 errata, 012: SECURITY FIX: April 23, 2007 at http://openbsd.org/errata40.html#012_route6.
• The Linux Kernel Archives, ChangeLog-2.6.21 at http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.
• The Linux Kernel Archives, ChangeLog-2.6.20.9 at http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.9.
• BID-23615: IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
• CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
• FrSIRT/ADV-2007-1563: Linux Kernel IPv6 Protocol Type 0 Route Header Remote Denial of Service Vulnerability
• FrSIRT/ADV-2007-2270: Apple Mac OS X IPv6 Protocol Type 0 Route Header Denial of Service Vulnerability
• FrSIRT/ADV-2007-3050: Apple AirPort Extreme IPv6 Type 0 Route Header Denial of Service Vulnerability
• MDKSA-2007:171: Updated kernel packages fix multiple vulnerabilities and bugs
• MDKSA-2007:196: Updated kernel packages fix multiple vulnerabilities and bugs
• MDKSA-2007:216: Updated kernel packages fix multiple vulnerabilities and bugs
• RHSA-2007-0347: Important: kernel security and bug fix update
• SA24978: OpenBSD IPv6 Type 0 Route Headers Denial of Service
• SA25033: FreeBSD IPv6 Type 0 Route Headers Denial of Service
• SA25068: Linux Kernel IPv6 Type 0 Route Headers and RTA_MAX Denial of Service
• SA25770: Apple Mac OS X IPv6 Type 0 Route Headers Denial of Service
• SA26703: Apple AirPort Extreme Base Station IPv6 Type 0 Route Headers Denial of Service
• SECTRACK ID: 1017949: BSD IPv6 Type 0 Route Headers May Let Remote Users Deny Service
• SUSE-SA:2007:051: Linux kernel security update
• US-CERT VU#267289: IPv6 Type 0 Route Headers allow sender to control routing
• USN-486-1: Linux kernel vulnerabilities
• USN-508-1: Linux kernel vulnerabilities

Reported:

Apr 23, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page