FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2
Mike Tancsa
mike at sentex.net
Wed Aug 7 17:06:20 UTC 2019
Does anyone have any more details about the implication of this ? e.g.
does a daemon need to be listening on a target device ? Is it merely the
act of forwarding such packets ? Can a non root user open such a daemon ?
Thanks,
---Mike
> =============================================================================
> FreeBSD-SA-19:19.mldv2 Security
> Advisory
> The FreeBSD
> Project
>
> Topic: ICMPv6 / MLDv2 out-of-bounds memory access
> MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used
> by IPv6 routers to discover multicast listeners.
>
> II. Problem Description
>
> The ICMPv6 input path incorrectly handles cases where an MLDv2 listener
> query packet is internally fragmented across multiple mbufs.
>
> III. Impact
>
> A remote attacker may be able to cause an out-of-bounds read or write that
> may cause the kernel to attempt to access an unmapped page and
> subsequently
> panic.
More information about the freebsd-security
mailing list