FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- IPv6 Routing Header 0 is dangerous

Affected systems
6.2 < FreeBSD < 6.2_4
6.1 < FreeBSD < 6.1_16
5.5 < FreeBSD < 5.5_12

Details

VuXML ID 275b845e-f56c-11db-8163-000e0c2e438a
Discovery 2007-04-26
Entry 2007-04-28

Problem Description

There is no mechanism for preventing IPv6 routing headers from being used to route packets over the same link(s) many times.
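The following is an added example, not part of the advisory or of FreeBSD's code: a Python parser that walks the IPv6 extension header chain of a captured packet and reports any type 0 routing header, with its Segments Left value and the list of addresses the packet asks to be routed through. The function names and the sample packets (built from 2001:db8::/32 documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

ROUTING = 43
SKIPPABLE = {0, 60}  # Hop-by-Hop and Destination Options share the RFC 2460 layout

def find_rh0(packet: bytes):
    """Return (segments_left, [addresses]) for a type 0 routing header, else None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_hdr, off = packet[6], 40
    # Walks only the headers above; stops at Fragment, AH, ESP or the payload.
    while next_hdr == ROUTING or next_hdr in SKIPPABLE:
        if off + 8 > len(packet):
            return None  # truncated extension header
        following, ext_len = packet[off], packet[off + 1]
        end = off + 8 + ext_len * 8
        if end > len(packet):
            return None  # length field points past the captured bytes
        if next_hdr == ROUTING and packet[off + 2] == 0:
            # RH0 body: 4 reserved bytes, then 16-byte addresses to visit in order
            addrs = [ipaddress.IPv6Address(packet[a:a + 16])
                     for a in range(off + 8, end - 15, 16)]
            return packet[off + 3], addrs
        next_hdr, off = following, end
    return None

def requests_source_routing(packet: bytes) -> bool:
    """Flag packets whose RH0 still has hops to visit (Segments Left > 0)."""
    rh0 = find_rh0(packet)
    return rh0 is not None and rh0[0] > 0

def _ipv6(next_hdr: int, payload: bytes) -> bytes:
    # Constructed fixed header; addresses come from the documentation range
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + src + dst + payload

# Constructed samples: Hop-by-Hop (PadN only) followed by RH0 with two hops, and a plain packet
HOPS = [ipaddress.IPv6Address("2001:db8::a"), ipaddress.IPv6Address("2001:db8::b")]
RH0 = bytes([59, 2 * len(HOPS), 0, len(HOPS)]) + bytes(4) + b"".join(h.packed for h in HOPS)
HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])
SAMPLE_RH0 = _ipv6(0, HBH + RH0)
SAMPLE_CLEAN = _ipv6(59, b"")

if __name__ == "__main__":
    for name, pkt in (("rh0", SAMPLE_RH0), ("clean", SAMPLE_CLEAN)):
        print(name, find_rh0(pkt), requests_source_routing(pkt))
```

The length of the returned address list shows how many forwarding hops a single packet requests, which is the property the problem description refers to.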

Impact

An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts.

An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.

Other attacks may also be possible.

Workaround

No workaround is available.

References

CVE Name CVE-2007-2242
FreeBSD Advisory SA-07:03.ipv6