On Tue, 15 Nov 2016, Alexis Rosen wrote:
> As far as I can tell, this is an editing error of some sort, and in
> fact you can NOT trigger the issue simply by having an IPv6 address
> reachable with an ICMP.
Ah, what's the basis for that? I looked at the code, and that security
claim seemed possible.
> Later in the advisory, it says:
>> Usage of Quagga without running the 'zebra' daemon, or no
>> IPv6 neighbor-discovery are not affected.
>
> A quick look at the code also suggests this is so, but my familiarity
> with this code is basically nil, and it would be very easy for me to
> get this wrong.
The code concerned is all the zebra daemon, so that's correct. The code
that reads the message is only enabled if the zebra RA/ND feature is.
Note, you could have the kernel IPv6 ND/SLAC enabled, and be fine - it's
about the zebra feature. That's also not 100% clear.
regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
hardware stress fractures
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
> As far as I can tell, this is an editing error of some sort, and in
> fact you can NOT trigger the issue simply by having an IPv6 address
> reachable with an ICMP.
Ah, what's the basis for that? I looked at the code, and that security
claim seemed possible.
> Later in the advisory, it says:
>> Usage of Quagga without running the 'zebra' daemon, or no
>> IPv6 neighbor-discovery are not affected.
>
> A quick look at the code also suggests this is so, but my familiarity
> with this code is basically nil, and it would be very easy for me to
> get this wrong.
The code concerned is all the zebra daemon, so that's correct. The code
that reads the message is only enabled if the zebra RA/ND feature is.
Note, you could have the kernel IPv6 ND/SLAC enabled, and be fine - it's
about the zebra feature. That's also not 100% clear.
regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
hardware stress fractures
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users