[ipv6hackers] Windows ping6-of-death

Pierre Emeriaud petrus.lt at gmail.com
Wed Aug 14 08:32:05 CEST 2013


Hello Marc, all,

2013/8/14 Marc Heuse <mh at mh-sec.de>:
> hi guys,
>
> this months microsoft windows security patches include on that fixes a
> ping-of-death style ICMPv6 denial of service vulnerability.
> does anyone have more information how that attack/packet look like?

>From the Sourcefire Vulnerability Research Team blog[0] :

"The second vulnerability (CVE-2013-3183) is in the ICMPv6
implementation (MS13-065) and can also result in a system crash if an
attacker send a maliciously crafted ICMPv6 Router Advertisement packet
that contains an invalid prefix length field."

 "We are releasing rules SID 27605-27616, 27618-27620 and 27624 to
address these issues."


[0] http://vrt-blog.snort.org/2013/08/microsoft-update-tuesday-august-2013.html

Regards,
Pierre.



More information about the Ipv6hackers mailing list