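Vulnerability title
N/A
Vulnerability description
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is the affected IPv6 implementations of all vendors.) The security issues of IP fragmentation have been discussed in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger fragmentation in an arbitrary IPv6 flow (in scenarios where packets do not actually need to be fragmented) and then perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. Using fragmentation where it is not actually needed therefore opens up fragmentation-based attack vectors unnecessarily. Unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, because of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280 bytes, this immediately triggers the generation of IPv6 atomic fragments (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since, as noted above, such IPv6 packets are dropped between Host B and Host A. This situation therefore results in a DoS scenario. Another possible scenario is one in which two BGP peers use IPv6 transport and implement access control lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If these BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker can easily attack the corresponding session simply by sending an ICMPv6 PTB message reporting an MTU smaller than 1280 bytes. Once the attack packet has been sent, the routers themselves drop their own traffic.
CVSS information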
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). 
If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic.
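A defender-side check for the condition described above, as an added example that is not part of the original record: it classifies raw IPv6 packets, flagging ICMPv6 PTB messages that report an MTU below 1280 (together with the flow named in the embedded packet) and IPv6 atomic fragments, meaning a Fragment header with offset 0 and the M flag clear. The names `inspect_packet` and `ipv6`, the documentation addresses and the sample packets are constructed for illustration; ICMPv6 checksums are not verified.

```python
import ipaddress
import struct

IPV6_MIN_MTU = 1280              # minimum IPv6 link MTU
NH_FRAGMENT, NH_ICMPV6 = 44, 58  # IPv6 Next Header values
ICMPV6_PTB = 2                   # ICMPv6 type 2: Packet Too Big


def inspect_packet(pkt: bytes):
    """Classify one raw IPv6 packet (no link-layer header).

    Returns ("ptb-below-minimum", mtu, (src, dst) of the embedded flow),
    ("atomic-fragment", ident), ("fragment", ident) or None. Only the
    first header after the fixed 40-byte IPv6 header is examined.
    """
    if len(pkt) < 48 or pkt[0] >> 4 != 6:
        return None
    next_header = pkt[6]
    if next_header == NH_FRAGMENT:
        _nh, _rsvd, off_flags, ident = struct.unpack_from("!BBHI", pkt, 40)
        atomic = (off_flags >> 3) == 0 and (off_flags & 1) == 0
        return ("atomic-fragment" if atomic else "fragment", ident)
    if next_header == NH_ICMPV6:
        icmp_type, _code, _cksum, mtu = struct.unpack_from("!BBHI", pkt, 40)
        if icmp_type == ICMPV6_PTB and mtu < IPV6_MIN_MTU:
            inner = pkt[48:88]   # header of the packet the error refers to
            flow = None
            if len(inner) == 40 and inner[0] >> 4 == 6:
                flow = (str(ipaddress.IPv6Address(inner[8:24])),
                        str(ipaddress.IPv6Address(inner[24:40])))
            return ("ptb-below-minimum", mtu, flow)
    return None


def ipv6(src, dst, next_header, payload):
    """Build a constructed IPv6 packet for the samples below."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


# Constructed samples (2001:db8::/32 documentation prefix, zero checksums).
HOST_A, HOST_B, OTHER = "2001:db8::a", "2001:db8::b", "2001:db8::bad"
INNER = ipv6(HOST_B, HOST_A, 6, b"\x00" * 20)   # Host B -> Host A segment
LOW_PTB = ipv6(OTHER, HOST_B, NH_ICMPV6,
               struct.pack("!BBHI", ICMPV6_PTB, 0, 0, 1000) + INNER)
OK_PTB = ipv6(OTHER, HOST_B, NH_ICMPV6,
              struct.pack("!BBHI", ICMPV6_PTB, 0, 0, 1400) + INNER)
ATOMIC = ipv6(HOST_B, HOST_A, NH_FRAGMENT,
              struct.pack("!BBHI", 6, 0, 0, 0x1234) + b"\x00" * 20)
```

A sub-1280 PTB followed by atomic fragments on the same flow is the sequence the description warns about, so the two results are worth correlating on the embedded source and destination.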
CVSS information
N/A
Vulnerability category
N/A
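Vulnerability title
IPv6 security vulnerability
Vulnerability description
IPv6 is the abbreviation of Internet Protocol Version 6, also known as the next-generation Internet protocol. It is a new IP protocol designed by the IETF to replace the current IPv4 protocol. A security vulnerability exists in IPv6. An attacker can exploit this vulnerability to perform unauthorized operations.
CVSS information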
N/A
Vulnerability category
Authorization issue