NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0087 OpenBSD hit by critical IPv6 flaw:

Vulnerability in the way OpenBSD handles IPv6 data packets exposes systems running the traditionally secure open-source operating system to serious attack. A memory corruption vulnerability error exists in the OpenBSD code that handles IPv6 packets, Core Security Technologies said in an alert published Tuesday. Exploiting the flaw could let an attacker commandeer a vulnerable system. A security update was issued last week to deal with the OpenBSD issue, which affects multiple releases of the operating system. To exploit the vulnerability, an attacker must have the ability to send malicious IPv6 packets to the target system or be on the same network. Symantec raised its ThreatCon to level 2 because of the issue, which means attacks are expected. As a work-around for users who can not apply the OpenBSD patch or who do not need to process or route IPv6 packets can be blocked by using Openness' firewall.

(CNET News 14MAR07)

Last Modified: Sunday, 18-Mar-2007 23:09:30 EST