The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

IPv6 Routing Header Issues

Guest Author

An analysis of the potential misuse of IPv6 type 0 routing headers, which allow the route that network traffic takes to be influenced by its sender, has recently been published, for example here (PDF).

We thought we'd pass on some information about how this impacts Solaris.

Solaris is compliant with the IPv6 protocol definition and has support for these routing headers, however, the way these routing headers are handled is controlled by the kernel driver parameter ip6_forward_src_routed. In Solaris 9 and 10 this variable defaults to false so packets containing these headers are discarded (see bug 4408694), meaning that unmodifed Solaris 9 and 10 installations cannot be used to assist in the exploitation of these issues.

On the other hand, in Solaris 8 the default value for this variable is true, so default installations of Solaris 8 may be impacted.

To determine the value of this variable on a Solaris host, you can use a command similar to the following:

  # ndd /dev/ip ip6_forward_src_routed

If the returned value is zero, IPv6 routing headers will be ignored.

To set the value to 0, use the following command (which is required with the default Solaris 8 configuration to avoid this issue):

  # ndd -set /dev/ip ip6_forward_src_routed 0

Note that changing this value from the default is not persistent across reboots, to make it persistent the command can be placed in a script that is run at startup (for example /etc/rc2.d/S69inet on pre-S10 machines).

Join the discussion

Comments ( 1 )
  • Vladimir Kotal Wednesday, May 16, 2007
    There has been pretty extensive discussion about RH0 issue at ipv6-ops mailing list; those interested should see RH0/security related threads at: http://lists.cluenet.de/pipermail/ipv6-ops/2007-May/thread.html
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.