[Infowarrior] - OpenBSD hit by 'critical' IPv6 flaw

Richard Forno rforno at infowarrior.org
Wed Mar 14 19:45:03 UTC 2007 

OpenBSD hit by 'critical' IPv6 flaw

By Joris Evers
http://news.com.com/OpenBSD+hit+by+critical+IPv6+flaw/2100-1002_3-6167193.ht
ml

Story last modified Wed Mar 14 11:17:41 PDT 2007


A vulnerability in the way OpenBSD handles IPv6 data packets opens systems
running the traditionally secure open-source operating system to serious
attack.

A memory corruption vulnerability error exists in the OpenBSD code that
handles IPv6 packets, Core Security Technologies said in an alert published
Tuesday. Exploiting the flaw could let an attacker commandeer a vulnerable
system, according to Core, which said it discovered the issue and crafted
sample exploit code.

"This vulnerability allows attackers to gain complete control of the target
system bypassing all the operating system's security mechanisms," Core said
in a statement Wednesday. Core deems the issue "critical." Security
monitoring company Secunia rates it "highly critical."

OpenBSD is one of several operating systems based on the Berkeley Software
Distribution, or BSD. The most popular BSD descendents are FreeBSD, PCBSD
and NetBSD, with OpenBSD coming in fourth, according to the BSDstats
project.

OpenBSD is mostly known for its security enhancements and is used for
firewalls, intrusion detection systems and other applications. Google is
among OpenBSD users and backers. The OpenBSD team likes to tout that only a
few remotely exploitable vulnerabilities have been found in the code in a
decade.

A security update was issued last week to deal with the OpenBSD issue, which
affects multiple releases of the operating system.

Default installations of OpenBSD are vulnerable as IPv6 is enabled and the
system does not filter inbound packets, Core said. IPv6 is the next version
of the Internet Protocol designed to support a broader range of IP addresses
as the IP version 4 addresses currently in use become more scarce.

To exploit the vulnerability an attacker must have the ability to send
malicious IPv6 packets to the target system or be on the same network,
Symantec said in an alert. The Cupertino, Calif., security company raised
its ThreatCon to level 2 because of the issue, which means attacks are
expected.

As a work-around for users who can not apply the OpenBSD patch or who do not
need to process or route IPv6 traffic on their systems, all inbound IPv6
packets can be blocked by using Openness' firewall.

More information about the Infowarrior mailing list