Vigil@nce - OpenBSD: denial of service via SIOCSIFADDR
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the SIOCSIFADDR ioctl on OpenBSD, in
order to trigger a denial of service.
– Impacted products: OpenBSD
– Severity: 2/4
– Creation date: 04/06/2013
DESCRIPTION OF THE VULNERABILITY
The SIOCSIFADDR parameter of the ioctl() function changes the IPv4
address of a network interface.
However, the in6_control() function of the sys/netinet6/in6.c file
does not handle the case where this ioctl is called on an AF_INET6
(IPv6) socket, which stops the kernel.
A local attacker can therefore use the SIOCSIFADDR ioctl on
OpenBSD, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenBSD-denial-of-service-via-SIOCSIFADDR-12907