[ipv6hackers] Windows ping6-of-death
Pierre Emeriaud
petrus.lt at gmail.com
Wed Aug 14 08:32:05 CEST 2013
Hello Marc, all,
2013/8/14 Marc Heuse <mh at mh-sec.de>:
> hi guys,
>
> this months microsoft windows security patches include on that fixes a
> ping-of-death style ICMPv6 denial of service vulnerability.
> does anyone have more information how that attack/packet look like?
>From the Sourcefire Vulnerability Research Team blog[0] :
"The second vulnerability (CVE-2013-3183) is in the ICMPv6
implementation (MS13-065) and can also result in a system crash if an
attacker send a maliciously crafted ICMPv6 Router Advertisement packet
that contains an invalid prefix length field."
"We are releasing rules SID 27605-27616, 27618-27620 and 27624 to
address these issues."
[0] http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html
Regards,
Pierre.
More information about the Ipv6hackers
mailing list