Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: FreeBSD, denial of service via ICMPv6

September 2008 by Vigil@nce


An attacker can send a special ICMPv6 packet in order to stop the system.

Gravity: 3/4

Consequences: denial of service of computer

Provenance: internet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 04/09/2008

Identifier: VIGILANCE-VUL-8086


- FreeBSD [confidential versions]


An IPv6 host sends an ICMPv6 "Packet Too Big" error message (RFC 2463) to indicate if the received packet is larger than the MTU of the next hop (this MTU is set in the packet).

However, when the MTU set is inferior to the minimum MTU for IPv6 (1280), an error panics the FreeBSD kernel.

An attacker can therefore create a denial of service on servers where a TCP service listens on IPv6.


Identifiers: BID-31004, CVE-2008-3530, FreeBSD-SA-08:09.icmp6, VIGILANCE-VUL-8086

See previous articles


See next articles