Vigil@nce - OpenBSD: spoofing IPv6 UDP packets
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can send IPv6 UDP packets from OpenBSD with a
source port reserved by another application.
Impacted products: OpenBSD.
Severity: 2/4.
Creation date: 16/03/2016.
DESCRIPTION OF THE VULNERABILITY
An application can use the bind() function to reserve a local port.
However, OpenBSD does not forbid a local user to reserve an UDP
port over IPv6, which is already reserved by another application.
A local attacker can therefore send IPv6 UDP packets from OpenBSD
with a source port reserved by another application.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/OpenBSD-spoofing-IPv6-UDP-packets-19185