Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revisionBoth sides next revision | ||
| advisory:2021-02-02-2 [2021/02/02 10:45] – created ynezz | advisory:2021-02-02-2 [2021/02/03 11:35] – [AFFECTED VERSIONS] fix information about 19.07 release ynezz | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links ====== | + | ====== Security Advisory 2021-02-02-2 - wolfSSL heap buffer overflow in RsaPad_PSS (CVE-2020-36177) |
| ===== DESCRIPTION ===== | ===== DESCRIPTION ===== | ||
| - | If a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix. If such a packet is received and not directed to a local IPv6 address it will be routed to the point-to-point link due to the link prefix route; the upstream ISP router will route the IPv6 packet back due to the assigned prefix route creating a "ping pong" effect. | + | RsaPad_PSS in wolfcrypt/ |
| - | + | ||
| - | The possible routing loop on point-to-point links (e.g PPP) can happen, when the WAN interface is assigned a globally unique prefix (e.g. 2001:db8:1:0::/64) from which an IPv6 address is picked | + | |
| - | + | ||
| - | The prefix route 2001: | + | |
| ===== REQUIREMENTS ===== | ===== REQUIREMENTS ===== | ||
| - | The WAN interface needs to be a point-to-point interface (e.g. PPP) and recevied IPv6 router advertisement messages contains IPv6 prefixes for which the on-link flag is set. | + | FIXME |
| ===== MITIGATIONS ===== | ===== MITIGATIONS ===== | ||
| - | You need to update the affected | + | You need to update the affected |
| - | opkg update; opkg upgrade | + | opkg update; opkg upgrade |
| Then verify, that you're running fixed version. | Then verify, that you're running fixed version. | ||
| - | opkg list-installed | + | opkg list-installed |
| - | opkg list-installed odhcp6c | + | |
| The above command should output following: | The above command should output following: | ||
| - | netifd | + | libwolfssl24 |
| - | netifd | + | libwolfssl24 |
| - | + | ||
| - | | + | |
| - | | + | |
| The fix is contained in the following and later versions: | The fix is contained in the following and later versions: | ||
| - | * OpenWrt 19.07: 2021-01-17 (fixed by [[https:// | + | * OpenWrt 19.07: 2021-02-02 (fixed by [[https:// |
| - | * OpenWrt master: 2021-01-09 (fixed by [[https:// | + | * OpenWrt master: 2021-01-01 (fixed by [[https:// |
| ===== AFFECTED VERSIONS ===== | ===== AFFECTED VERSIONS ===== | ||
| - | To our knowledge, OpenWrt | + | To our knowledge, OpenWrt |
| - | packages will be integrated | + | versions |
| - | versions of OpenWrt (e.g. OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end | + | package is not shipped by default |
| + | versions of OpenWrt (e.g. OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end | ||
| of life and not supported any more. | of life and not supported any more. | ||
| - | |||
| ===== CREDITS ===== | ===== CREDITS ===== | ||
| - | This issue was identified | + | This issue was found by [[https://bugs.chromium.org/ |
| ===== REFERENCES ===== | ===== REFERENCES ===== | ||
| - | ==== Development snapshot ==== | + | * https:// |
| - | * netifd [[commit> | + | * https:// |
| - | * odhcp6c [[commit> | + | * https:// |
| - | + | * https:// | |
| - | ==== OpenWrt 19.07 release ==== | + | * https:// |
| - | * netifd [[commit> | + | |
| - | * odhcp6c [[commit> | + | |