Vigil@nce - IPv6: denial of service via Filtered Extension Headers
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a spoofed ICMPv6 packet to an IPv6
implementation filtering extension headers, in order to trigger a
denial of service.
– Impacted products: IP
– Severity: 1/4
– Creation date: 26/08/2014
DESCRIPTION OF THE VULNERABILITY
IPv6 extension headers, such as the Fragment header, are sometimes
filtered by administrators.
However, in this case, an attacker can send a spoofed ICMPv6
"Packet too big" packet, to force the fragmentation, which is thus
blocked.
An attacker can therefore send a spoofed ICMPv6 packet to an IPv6
implementation filtering extension headers, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IPv6-denial-of-service-via-Filtered-Extension-Headers-15228