Linux IPv6 "Route of Death" 0day

If the amount of space we're adding to the start of the buffer is more than we have allocated, then it'll cause a kernel panic instead of continuing execution. This means that any vulnerabilities that would ordinarily cause out-of-bounds behaviour (the good stuff) are now reduced to denial-of-service bugs.

While a denial-of-service bug may seem boring, the "remote" aspect usually associated with sk_buffs makes them still pretty interesting. A remote kernel panic is still pretty fun!

Details here.
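The headroom check described in the quoted passage, as an added example that is not part of the original post or the quoted article: a simplified userspace model in C of prepending bytes to an sk_buff. The names (model_skb, model_init, model_headroom, model_push, PUSH_PANIC) are hypothetical, and the kernel's panic is modelled as a return value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified userspace model of an sk_buff linear buffer (hypothetical names). */
struct model_skb {
    unsigned char buf[64];  /* backing allocation */
    unsigned char *head;    /* start of the allocation */
    unsigned char *data;    /* start of the current packet data */
    size_t len;             /* bytes of packet data */
};

enum push_result { PUSH_OK = 0, PUSH_PANIC = 1 };

/* Reserve `headroom` bytes in front of the (still empty) packet data. */
static void model_init(struct model_skb *skb, size_t headroom)
{
    if (headroom > sizeof(skb->buf))
        headroom = sizeof(skb->buf);
    memset(skb->buf, 0, sizeof(skb->buf));
    skb->head = skb->buf;
    skb->data = skb->buf + headroom;
    skb->len = 0;
}

static size_t model_headroom(const struct model_skb *skb)
{
    return (size_t)(skb->data - skb->head);
}

/* Prepend n bytes. Asking for more than the remaining headroom is the case
 * where the kernel panics; the model returns PUSH_PANIC and changes nothing,
 * so nothing is ever written in front of the allocation. */
static enum push_result model_push(struct model_skb *skb, size_t n)
{
    if (n > model_headroom(skb))
        return PUSH_PANIC;
    skb->data -= n;
    skb->len += n;
    return PUSH_OK;
}

int main(void)
{
    struct model_skb skb;
    model_init(&skb, 16);
    printf("push 8:  %s\n", model_push(&skb, 8) == PUSH_OK ? "ok" : "panic");
    printf("push 24: %s\n", model_push(&skb, 24) == PUSH_OK ? "ok" : "panic");
    return 0;
}
```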


On a Debian 11 system, this RPL is not enabled by default.


sudo sysctl -a | grep -i rpl_seg_enabled

net.ipv6.conf.all.rpl_seg_enabled = 0
net.ipv6.conf.default.rpl_seg_enabled = 0


If I understand correctly, this is what is needed to trigger the DoS:

It's possible to trigger this on a machine with RPL enabled (sysctl -a | grep -i rpl_seg_enabled) with the following code:.....