[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Linux kernel handling of IPv6 temporary addresses
From: P J P <ppandit () redhat ! com>
Date: 2013-01-21 12:44:46
Message-ID: alpine.LFD.2.03.1301211728280.15280 () erqung ! pbz
[Download RAW message or body]
+-- On Sun, 20 Jan 2013, George Kargiotakis wrote --+
| Yes and no. When flooding finishes everything still works ok,
| temp. addresses haven't been disabled, but when the preferred timer
| of the temp. address of the original acquired prefix expires, the kernel
| won't be able to acquire a new temporary address because the interface
| is already full with 16 addresses from flooding. An already acquired
| address only gets removed when it's validity timer expires. So, the
| host will be left using the global non-temp address acquired by slaac
| until another 'slot' (from the default 16) becomes free/expires.
|
| Summarizing, one is still able to remotely, inside a LAN, cause
| problems to another host, that is make it lose it's temp. address
| functionality at least for some time.
Ah right. I just wanted to confirm if it makes sense to push that patch
upstream. I think we'll defer it for now.
Thanks so much.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic