| |||||||||||||
A second remote hole for OpenBSDA second remote hole for OpenBSDPosted Mar 14, 2007 16:13 UTC (Wed) by copsewood (subscriber, #199)Parent article: A second remote hole for OpenBSD
Has OpenBSD IPV6 code been included in any other OSs, embedded systems or other networking stacks ? If so these should be checked for this vuln. The reason I ask is that many systems have obtained networking code from BSD in the past. Or maybe the OpenBSD code in question came from another system with free and compatible licensing. Either way checks are needed.
(Log in to post comments)
A second remote hole for OpenBSD Posted Mar 14, 2007 16:19 UTC (Wed) by djrom (guest, #26074) [Link] In the advisory text:. 2007-02-26: OpenBSD team communicates that the issue is specific to OpenBSD. So, apparently, the OpenBSD team already did the check and the vulnerability seems to be OpenBSD-specific.
They use the KAME stack Posted Mar 14, 2007 18:45 UTC (Wed) by jd (guest, #26381) [Link] (With their own custom mods.)KAME is used by the other BSDs. A derivative, Usagi, used to be available for Linux but there have been no updates for some time and the project has fallen quiet. (KAME itself was halted after the main protagonists decided it was good enough and not worth maintaining as a separate project. A stupid decision, IMHO. If the conformance tests aren't even close to being finished, then "good enough" can't possibly be defined.) If, as has been said elsewhere, the bugs only apply to the OpenBSD IPv6 stack, then the bugs were most likely in the port-specific code. (If it had been an interaction between the port-specific stuff and the mainline code, then the bug would have still existed in the other versions even if it couldn't be exploited to the same degree.) All in all, I am really bothered by the very poor attitude I am seeing towards IPv6 work at the moment. Attitude is ultimately the culprit for all security flaws. Had the attitude been better and development healthier, this problem would either have been fixed much sooner or possibly never arisen at all.
v6 Posted Mar 16, 2007 5:46 UTC (Fri) by gvy (guest, #11981) [Link] Maybe rare folks really need v6 right now, right? (judging on some recent conclusions it well might be the situation for at least a dozen years more)
What have the V6 folks ever done for us? Posted Mar 16, 2007 17:33 UTC (Fri) by jd (guest, #26381) [Link] This reminds me of that sketch in Monty Python's "Life of Brian". Here are some things that v6 supplies (aside from addresses):
Some of these have been backported to IPv4, but the IPv4 versions aren't always terribly interoperable and aren't efficient as they're not designed in. Some are not obviously useful - mobility? - but when you consider the headaches they're having with IP on any mass transit system (having a single monopolistic ISP is a "popular" solution, where a current solution even exists), the sole benefit of having a static solution over a dynamic one is that one ISP gets richer. Oh, you thought you got a benefit from it? Gimme a break. (In fact, it is very likely the anti-monopolistic nature of IPv6 that is hindering adoption. If it had allowed companies like AT&T or Telus to pwn the Internet, it would have been adopted globally in a week. It is precisely because it empowers users to do their own thing that network providers are avoiding it like the plague.)
What have the V6 folks ever done for us? Posted Mar 19, 2007 13:14 UTC (Mon) by copsewood (subscriber, #199) [Link] Thanks for this summary. In addition to commercial monopolistic motivation (which I'm sure exists) there is also the problem of displacing an existing network with a new one suggested by Metcalf's law. This problem is likely to be overcome by new applications e.g. requiring all mobile phones having client/server IP connectivity and OLPC which can only be achieved through availability of more addresses. ISPs will be keen to make money from these new applications even if there are fewer opportunities to monopolise them.
v6 Posted Mar 22, 2007 9:53 UTC (Thu) by Cato (subscriber, #7643) [Link] IPv6 is finally entering real practically-driven deployments - I'm not counting the various ISPs who've done IPv6 as a service for use by leading-edge business customers and research labs, only the companies that are deploying it because they more or less have to, driven by future IP address shortages.
Comcast is deploying IPv6 already in its core and will deploy it for customers, largely because it's already exhausted the 10.x address space and is having to use public IPv4 space for customers. With about 10 IP addresses per triple-play household, and 10s of millions of customers, there's a strong driver to do this sooner rather than later, and the cable world's DOCSIS 3.0 standards for cable modems are now out, and support IPv6.
For more details, including a presentation from Comcast on their IPv6 deployment plans, and some other indicators of IPv6 demand becoming real, see http://slashdot.org/comments.pl?sid=225734&cid=18286172
|
|||||||||||||