Vigil@nce - FreeBSD, NetBSD, Windows: denial of service via ICMPv6 Neighbor Solicitation
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send numerous ICMPv6 Neighbor Solicitation
packets, in order to create a denial of service in several
products.
Impacted products: FreeBSD, Windows 2003, Windows 2008, Microsoft
Windows 2012, Windows 7, Windows 8, Windows Vista, NetBSD
Severity: 1/4
Creation date: 11/10/2012
DESCRIPTION OF THE VULNERABILITY
The IPv6 Neighbor Discovery protocol uses 5 types of ICMPv6
packets (RFC 4861):
– Neighbor Solicitation : query the Ethernet address of a server
on the LAN
– Neighbor Advertisement : answer indicating the address
– etc.
However, some implementations do no correctly manage resources
required to handle Neighbor Solicitation packets. Large resources
are required to process them.
An attacker can therefore send numerous ICMPv6 Neighbor
Solicitation packets, in order to create a denial of service in
several products. When the attacker stops sending packets, the
denial of service also stops.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN