Today's ARIN estimated depletion date:


ICMPv6 not dangerous?

2009-05-13

I have in previous posts discussed ICMPv6 and the potential security issues with it. Basically, the issue is that you need to open your firewalls for ICMPv6 “packet too big” messages from any host on the internet. In theory this opens for potential attackers.

Today Apple announced a security issue with MacOS and issued a patch and the following announcement: - “Specifically, when IPv6 support is enabled, an implementation issue in the handling of incoming ICMPv6 Packet Too Big messages could cause an unexpected system shutdown. The update addresses the issue through improved handling of ICMPv6 messages.”

Without being an expert on the MacOS platform, this sounds like a buffer overflow attack. Unexpected shutdown is probably the best case scenario when somebody is trying to exploit this. The situation gets even worse when you realize that the ICMPv6 handler is most likely running in kernel mode. A potential exploit of vulnerability could give the attacker root privileges. And again, incoming ICMPv6 packet too big messages are probably allowed in your firewall.

Start patching if you are using MacOS and IPv6.

Tags: , , ,

One Response to “ICMPv6 not dangerous?”

  1. Thoughts on IPv6 Security, Take Two | Ipv6 In China says on :

    [...] course, with any code, there are bound to be implementation bugs. Most recently, Stephan Lagerholm alterted the IPv6 community to a particularly nasty ICMPv6 bug that was patched in Mac OS X 10.5.7 [...]

Leave a Reply