OpenBSD: IPv6 Denial of service vulnerability
Posted by LinuxSecurity.com Team   
OpenBSD This bug can be exploited to lock up the network stack if reachable via IPv6.

An IPv6 MTU handling problem has been reported by Georgi Guninski[1],
which could be used by an attacker to cause a denial of service attack
against hosts reachable through IPv6.

When the MTU (maximum transfer unit) for an IPv6 route is set very low,
the TCP stack will enter an endless recursion when the next TCP packet
is sent. This can be exploited remotely by sending ICMP6 'packet too
big' messages containing such low MTU values. The kernel will
effectively lock up, causing denial of service. It is not believed that
this problem can be used to execute arbitrary code.

IPv6 is enabled by default, but the problem can only be exploited
remotely against hosts which are reachable through IPv6. Hosts with
IPv4 connectivity only are not affected.

The problem is fixed in -current, patches for 3.4-stable and 3.3-stable
are available at

   ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/011_ip6.patch
   ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/016_ip6.patch

[1]  http://www.guninski.com/obsdmtu.html