Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
advisory:2021-02-02-1 [2021/02/02 08:37] – added requirements ynezzadvisory:2021-02-02-1 [2021/02/02 19:44] – [DESCRIPTION] dedeckeh
Line 1: Line 1:
-====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links ======+====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links (CVE pending) ======
  
 ===== DESCRIPTION ===== ===== DESCRIPTION =====
  
-If a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix. If such a packet is received and not directed to a local IPv6 address it will be routed to the point-to-point link due to the link prefix route; the upstream ISP router will route the IPv6 packet back due to the assigned prefix route creating a "ping pong" effect.+In case a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix and is not a local IPv6 address. If such a packet is received and not directed to a local IPv6 address it will be routed back to the point-to-point link due to the link prefix route; the upstream ISP router will in its turn route the IPv6 packet back due to the assigned prefix route creating a "ping pong" effect.
  
 The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked and installed on the wan interface (e.g. 2001:db8:1:0:5054:ff:feab:d87c/64). The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked and installed on the wan interface (e.g. 2001:db8:1:0:5054:ff:feab:d87c/64).
Line 47: Line 47:
 ===== CREDITS ===== ===== CREDITS =====
  
-This issue was identified by Xiang Li from Network and Information Security Lab at Tsinghua University and fixed by Hans Dedecker.+This issue was identified by Xiang Li from [[https://netsec.ccert.edu.cn/|Network and Information Security]] Lab at Tsinghua University and fixed by Hans Dedecker.
  
 ===== REFERENCES ===== ===== REFERENCES =====
  • Last modified: 2021/02/08 07:00
  • by ynezz