Urgent security update necessary for all DragonFly versions

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Wed May 9 11:49:08 PDT 2007


Dear DragonFly BSD users,

I am addressing you as the security officer of DragonFly, because this is a
very serious issue.  Please take this as seriously as we, KAME, Cisco and other
vendors do, and therefore react *immediately* and update *all* your
installations.  This is *very* serious;  Cisco has assigned it the score 10
on a scale from 1 to 10.  For details read [1] or [2].

This issue is related to the IPv6 network stack.  However, even if you are
not actively using IPv6, you *must* update your installation, because this
security issue can be exploited!  Firewalls are no help either, so please do
not consider yourself protected if your DragonFly installation is behind a
packet filter.

IPv6 allows for source routing using the routing header type 0 (RH0).
Already over a decade ago, source routing with IPv4 was considered insecure
and has thus been blocked by default by all major operating systems.
Properties of IPv6, however, allow exploits with a damage potential which is
many orders of magnitude higher.

In particular, there is a risk of creating packet storms which will be able to
break the internet, including the IPv4 part -- the problem is *not*
restricted to IPv6 connected hosts!

All current branches of DragonFly have been updated to contain this fix.
Please make sure to update your sources, rebuild + install a new kernel and
reboot your system to actually activate this fix!  For reference on how to
update your kernel, see build(7).

If you have any questions, please do not hesitate to ask.

Thanks in advance for updating,
  simon

[1] http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
[2] http://natisbad.org/

-- 
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \
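
Added example, not part of the original message and not the DragonFly kernel fix: a C check that walks an IPv6 packet's extension header chain and reports a type 0 routing header, as a capture tool or audit script might to spot RH0 traffic. The names find_rh0 and build_sample are this example's own, only the Hop-by-Hop, Routing, Fragment and Destination Options headers are walked, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_NONE = 59, NH_DSTOPTS = 60 };
enum rh0_result { RH0_MALFORMED = -1, RH0_ABSENT = 0, RH0_PRESENT = 1 };

/* Report whether a raw IPv6 packet carries a type 0 routing header (RH0). */
enum rh0_result find_rh0(const uint8_t *pkt, size_t len, uint8_t *segleft)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return RH0_MALFORMED;
    uint8_t nh = pkt[6];                /* Next Header of the fixed header */
    for (size_t off = 40, hlen = 0;; nh = pkt[off], off += hlen) {
        if (nh != NH_HOPOPTS && nh != NH_ROUTING && nh != NH_FRAGMENT && nh != NH_DSTOPTS)
            return RH0_ABSENT;          /* upper layer, or a header not walked here */
        if (len - off < 8)
            return RH0_MALFORMED;       /* truncated extension header */
        hlen = (nh == NH_FRAGMENT) ? 8 : ((size_t)pkt[off + 1] + 1) * 8;
        if (len - off < hlen)
            return RH0_MALFORMED;       /* Hdr Ext Len runs past the packet */
        if (nh == NH_ROUTING && pkt[off + 2] == 0) {
            *segleft = pkt[off + 3];    /* Segments Left: hops still to visit */
            return RH0_PRESENT;
        }
        if (nh == NH_FRAGMENT && (((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8))
            return RH0_ABSENT;          /* non-first fragment: chain not in this packet */
    }
}

/* Constructed sample: fixed header, Destination Options, optional RH0. */
size_t build_sample(uint8_t *buf, int with_rh0)
{
    size_t len = 40 + 8 + (with_rh0 ? 24 : 0);
    memset(buf, 0, len);
    buf[0] = 0x60; buf[5] = (uint8_t)(len - 40);    /* version 6, payload length */
    buf[6] = NH_DSTOPTS;
    buf[40] = with_rh0 ? NH_ROUTING : NH_NONE;      /* Dest. Options: Next Header */
    buf[42] = 1; buf[43] = 4;                       /* PadN filling its 8 bytes */
    if (with_rh0) { buf[48] = NH_NONE; buf[49] = 2; buf[51] = 1; } /* type 0, 1 hop left */
    return len;
}

int main(void)
{
    uint8_t buf[72], seg = 0;
    printf("RH0 present: %d\n", find_rh0(buf, build_sample(buf, 1), &seg));
    return 0;
}
```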




