Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revisionBoth sides next revision
advisory:2021-02-02-1 [2021/02/02 08:33] – created ynezzadvisory:2021-02-02-1 [2021/02/02 19:44] – [DESCRIPTION] dedeckeh
Line 1: Line 1:
-====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links ======+====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links (CVE pending) ======
  
 ===== DESCRIPTION ===== ===== DESCRIPTION =====
  
-If a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix. If such a packet is received and not directed to a local IPv6 address it will be routed to the point-to-point link due to the link prefix route; the upstream ISP router will route the IPv6 packet back due to the assigned prefix route creating a "ping pong" effect.+In case a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix and is not a local IPv6 address. If such a packet is received and not directed to a local IPv6 address it will be routed back to the point-to-point link due to the link prefix route; the upstream ISP router will in its turn route the IPv6 packet back due to the assigned prefix route creating a "ping pong" effect.
  
 The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked and installed on the wan interface (e.g. 2001:db8:1:0:5054:ff:feab:d87c/64). The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked and installed on the wan interface (e.g. 2001:db8:1:0:5054:ff:feab:d87c/64).
Line 10: Line 10:
  
 ===== REQUIREMENTS ===== ===== REQUIREMENTS =====
 +
 +The WAN interface needs to be a point-to-point interface (e.g. PPP) and recevied IPv6 router advertisement messages contains IPv6 prefixes for which the on-link flag is set.
  
 ===== MITIGATIONS ===== ===== MITIGATIONS =====
Line 45: Line 47:
 ===== CREDITS ===== ===== CREDITS =====
  
-This issue was identified by Xiang Li from Network and Information Security Lab at Tsinghua University and fixed by Hans Dedecker.+This issue was identified by Xiang Li from [[https://netsec.ccert.edu.cn/|Network and Information Security]] Lab at Tsinghua University and fixed by Hans Dedecker.
  
 ===== REFERENCES ===== ===== REFERENCES =====
  • Last modified: 2021/02/08 07:00
  • by ynezz