Vigil@nce - IPv6: incorrect implementation of Fragment Overlap
November 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Some IPv6 implementations do not comply with RFC 5722, so an
attacker can fingerprint the system, or bypass an IDS.
Impacted products: Linux, Windows 7, OpenBSD, IP
Severity: 1/4
Creation date: 09/11/2012
DESCRIPTION OF THE VULNERABILITY
RFC 2460 defines IPv6. This RFC did not forbid overlapping
IPv6 fragments. RFC 5722 specifies that these fragments must be
ignored.
However, not all IPv6 implementations comply with RFC 5722.
These implementations therefore behave differently from one another.
Because some IPv6 implementations do not comply with RFC 5722,
an attacker can fingerprint the system, or bypass an IDS.
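Added example, not part of the Vigil@nce bulletin: a Python check that applies the RFC 5722 rule the way a reassembly path or IDS would, parsing the 8-byte Fragment header and discarding the whole datagram as soon as two fragments share an octet. The function names are hypothetical, and the addresses, identifiers and payloads are constructed sample data.

```python
import struct
from collections import defaultdict

def frag(ident, offset_units, more, payload, next_hdr=17):
    """Build a Fragment extension header (8 bytes) plus payload; sample data only."""
    return struct.pack("!BBHI", next_hdr, 0, (offset_units << 3) | int(more), ident) + payload

def parse_fragment(ext):
    """Return (ident, start, end, more) for a Fragment header plus its payload."""
    if len(ext) < 8:
        raise ValueError("truncated Fragment header")
    _next_hdr, _reserved, off_flags, ident = struct.unpack("!BBHI", ext[:8])
    start = (off_flags >> 3) * 8        # Fragment Offset counts 8-octet units
    return ident, start, start + len(ext) - 8, bool(off_flags & 1)

def classify(fragments):
    """Map (src, dst, ident) to 'discard', 'complete' or 'incomplete'."""
    groups = defaultdict(list)
    for src, dst, ext in fragments:
        ident, start, end, more = parse_fragment(ext)
        groups[(src, dst, ident)].append((start, end, more))
    verdicts = {}
    for key, frags in groups.items():
        frags.sort()
        expected, overlap, gap = 0, False, False
        for start, end, _more in frags:
            if start < expected:        # shares octets with an earlier fragment
                overlap = True          # exact duplicates count too (strict choice)
            elif start > expected:
                gap = True
            expected = max(expected, end)
        if overlap:
            verdicts[key] = "discard"   # RFC 5722: drop the whole datagram
        elif gap or frags[-1][2]:       # hole, or last fragment still has M=1
            verdicts[key] = "incomplete"
        else:
            verdicts[key] = "complete"
    return verdicts

SRC, DST = "2001:db8::1", "2001:db8::2"   # documentation prefix, constructed
SAMPLE = [
    (SRC, DST, frag(1, 0, True, b"A" * 16)),   # id 1: octets 0-15
    (SRC, DST, frag(1, 2, False, b"B" * 8)),   # id 1: octets 16-23, contiguous
    (SRC, DST, frag(2, 0, True, b"A" * 16)),   # id 2: octets 0-15
    (SRC, DST, frag(2, 1, False, b"X" * 16)),  # id 2: octets 8-23, overlaps 8-15
    (SRC, DST, frag(3, 0, True, b"A" * 8)),    # id 3: final fragment never seen
]
if __name__ == "__main__":
    for key, verdict in classify(SAMPLE).items():
        print(key, verdict)
```

An IDS that keeps either copy of the overlapping octets in datagram 2, instead of discarding it, can end up inspecting different bytes than the end host accepts.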
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IPv6-incorrect-implementation-of-Fragment-Overlap-12124