FreeBSD -- Denial of Service with IPv6 Router Advertisements

Affected packages
10.1 <= FreeBSD-kernel < 10.1_9
9.3 <= FreeBSD-kernel < 9.3_13
8.4 <= FreeBSD-kernel < 8.4_27


VuXML ID 0bb55a18-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-04-07
Entry 2016-08-11

Problem Description:

The Neighbor Discovery Protocol allows a local router to advertise a suggested Current Hop Limit value for a link, which replaces the Current Hop Limit on any interface of the FreeBSD system that is connected to that link.


When the Current Hop Limit (similar to IPv4's TTL) is small, IPv6 packets may be dropped before they reach their destinations.

By sending specifically crafted Router Advertisement packets, an attacker on the local network can cause the FreeBSD system to lose the ability to communicate with another IPv6 node on a different network.
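
A defender-side check for the condition described above, as an added example that is not part of the advisory or of FreeBSD's code: it parses the fixed Router Advertisement header defined in RFC 4861 and flags an advertised Current Hop Limit below a locally chosen threshold. The threshold of 32, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
MIN_HOP_LIMIT = 32       # assumed local policy threshold, not from the advisory

def parse_ra(icmp6: bytes):
    """Return the fixed RA header fields, or None if this is not a valid RA."""
    if len(icmp6) < 16:
        return None
    (typ, code, _cksum, cur_hop_limit, flags,
     lifetime, reachable, retrans) = struct.unpack("!BBHBBHII", icmp6[:16])
    if typ != ND_ROUTER_ADVERT or code != 0:
        return None
    return {"cur_hop_limit": cur_hop_limit, "flags": flags,
            "router_lifetime": lifetime, "reachable_time": reachable,
            "retrans_timer": retrans}

def check_ra(icmp6: bytes, ip_hop_limit: int = 255,
             threshold: int = MIN_HOP_LIMIT) -> str:
    """Classify one received RA (ICMPv6 message bytes, IPv6 header stripped)."""
    ra = parse_ra(icmp6)
    if ra is None:
        return "not-ra"
    # RFC 4861 requires IP Hop Limit 255, proving the sender is on-link.
    # That does not help against the on-link attacker the advisory describes.
    if ip_hop_limit != 255:
        return "invalid"
    chl = ra["cur_hop_limit"]
    if chl == 0:
        return "unspecified"   # 0 means the router suggests no value
    if chl < threshold:
        return "suspicious"    # traffic to distant nodes may expire en route
    return "ok"

# Constructed sample messages: type, code, checksum (zeroed, not verified
# here), Cur Hop Limit, flags, Router Lifetime 1800 s, then Reachable Time
# and Retrans Timer set to 0.
SAMPLE_NORMAL = bytes.fromhex("8600000040000708" + "00" * 8)
SAMPLE_LOW = bytes.fromhex("8600000001000708" + "00" * 8)
SAMPLE_UNSPEC = bytes.fromhex("8600000000000708" + "00" * 8)
SAMPLE_NS = bytes.fromhex("8700000000000000" + "00" * 8)

if __name__ == "__main__":
    for name, msg in [("normal", SAMPLE_NORMAL), ("low", SAMPLE_LOW),
                      ("unspecified", SAMPLE_UNSPEC), ("not an RA", SAMPLE_NS)]:
        print(f"{name}: {check_ra(msg)}")
```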


CVE Name CVE-2015-2923
FreeBSD Advisory SA-15:09.ipv6