[opensuse] The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box • The Register
I just came across this article. However, as this quote shows, whoever wrote the article doesn't really understand IPv6: "Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit specially crafted router advertisement messages that wake up these clients, exploit the bug, and possibly hijack or crash vulnerable Systemd-powered Linux machines." Router advertisements are sent via link local addresses, which means only the router on the same network can cause this, as link local addresses are never passed by a router. Also, SLAAC is often used, not DHCPv6 for clients. You won't see any DHCPv6 clients on the local network, unless specifically enabled. The WAN side might be vulnerable, but that would require an ISPs router to be compromised. I doubt most ISPs would be running Linux on their network. They tend to go for high end Cisco gear or equivalent. There are some Cisco models that run on Linux, but they're not high end. https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Also, DHCPv6 doesn't use router advertisements, though there is a flag in the RA that tells a device to use DHCPv6. On 10/28/2018 04:26 PM, James Knott wrote:
I just came across this article. However, as this quote shows, whoever wrote the article doesn't really understand IPv6:
"Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit specially crafted router advertisement messages that wake up these clients, exploit the bug, and possibly hijack or crash vulnerable Systemd-powered Linux machines."
Router advertisements are sent via link local addresses, which means only the router on the same network can cause this, as link local addresses are never passed by a router. Also, SLAAC is often used, not DHCPv6 for clients. You won't see any DHCPv6 clients on the local network, unless specifically enabled. The WAN side might be vulnerable, but that would require an ISPs router to be compromised. I doubt most ISPs would be running Linux on their network. They tend to go for high end Cisco gear or equivalent. There are some Cisco models that run on Linux, but they're not high end.
https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/28/2018 03:26 PM, James Knott wrote:
I just came across this article. However, as this quote shows, whoever wrote the article doesn't really understand IPv6: <snip>
https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/
From my very favorite daily, informative, and entertaining on-line rag. Probably one of those that everybody in, or interested in, tech should have arrive in their inbox, daily. (hint, hint)
-- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
28.10.2018 23:26, James Knott пишет:
I just came across this article. However, as this quote shows, whoever wrote the article doesn't really understand IPv6:
And you do not understand the problem you are talking about, so where's the difference?
"Thus, a rogue DHCPv6 server on a network, or in an ISP, could emit specially crafted router advertisement messages that wake up these clients, exploit the bug, and possibly hijack or crash vulnerable Systemd-powered Linux machines."
Router advertisements are sent via link local addresses, which means only the router on the same network can cause this, as link local addresses are never passed by a router. Also, SLAAC is often used, not DHCPv6 for clients. You won't see any DHCPv6 clients on the local network, unless specifically enabled. The WAN side might be vulnerable, but that would require an ISPs router to be compromised. I doubt most ISPs would be running Linux on their network. They tend to go for high end Cisco gear or equivalent. There are some Cisco models that run on Linux, but they're not high end.
https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10/29/2018 12:22 AM, Andrei Borzenkov wrote:
I just came across this article. However, as this quote shows, whoever wrote the article doesn't really understand IPv6:
And you do not understand the problem you are talking about, so where's the difference?
Which is? Regardless, router advertisements don't make it past a router and DHCPv6 doesn't use them. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Andrei Borzenkov -
David C. Rankin -
James Knott