Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revisionBoth sides next revision | ||
| advisory:2021-02-02-1 [2021/02/02 08:33] – created ynezz | advisory:2021-02-02-1 [2021/02/02 19:44] – [DESCRIPTION] dedeckeh | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links ====== | + | ====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links (CVE pending) |
| ===== DESCRIPTION ===== | ===== DESCRIPTION ===== | ||
| - | If a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix. If such a packet is received and not directed to a local IPv6 address it will be routed to the point-to-point link due to the link prefix route; the upstream ISP router will route the IPv6 packet back due to the assigned prefix route creating a "ping pong" effect. | + | In case a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix |
| The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001: | The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001: | ||
| Line 10: | Line 10: | ||
| ===== REQUIREMENTS ===== | ===== REQUIREMENTS ===== | ||
| + | |||
| + | The WAN interface needs to be a point-to-point interface (e.g. PPP) and recevied IPv6 router advertisement messages contains IPv6 prefixes for which the on-link flag is set. | ||
| ===== MITIGATIONS ===== | ===== MITIGATIONS ===== | ||
| Line 45: | Line 47: | ||
| ===== CREDITS ===== | ===== CREDITS ===== | ||
| - | This issue was identified by Xiang Li from Network and Information Security Lab at Tsinghua University and fixed by Hans Dedecker. | + | This issue was identified by Xiang Li from [[https:// |
| ===== REFERENCES ===== | ===== REFERENCES ===== | ||