[GTER] Mikrotik IPv6 remote crash attack

Andrio Prestes Jasper mascaraapj at gmail.com
Fri Mar 29 14:29:51 -03 2019


está uma queda de braço boa lá no fórum heim.

Mikrotik diz ter resolvido o problema no ultimo BETA.
o cara que descobriu o problema diz que não resolveu, até postou vídeo e
slide do diagrama/topologia.

Mikrotik diz que desconhece os detalhes.
o cara diz que são os mesmos que foram apresentados a 1 ano atrás e que até
hoje a mikrotik não resolveu.

e nessa historia toda, estamos nós no meio.

Em sex, 29 de mar de 2019 às 12:34, Fernando Frediani <fhfrediani at gmail.com>
escreveu:

> Para quem não teve a oportunidade de acessar esta discussão no forum
> hoje pela manha teve um post bem interessante e nada surpreendente. Vou
> transcrever abaixo.
>
> Outra informação é que aparentemente hoje lançaram alguma correção no
> 6.45beta22 (https://mikrotik.com/download/changelogs/testing-release-tree
> ).
>
> MikroTik acknowledged this issue on 2018-04-20.
> To learn more about it: I am presenting at UKNOF 43 on 2019-04-09 (April
> 9th), and there will be a live stream.
> MikroTik support was made aware of my intention to speak at UKNOF on
> 2019-03-04, which is when UKNOF accepted my talk. This gave MikroTik
> over a month of notice that I intended to discuss these issues.
> Since 2019-03-04 I have told MikroTik that I believe there is
> exploitation in the wild already, and that they should reprioritise
> their efforts to fix this.
> I am not aware of any workarounds or mitigations any of us can use.
> Despite my repeated pleas for this to be treated as a security issue,
> everyone I have interacted with at MikroTik says the same. Even normis
> has stated it is not a "vulnerability" in MikroTik's eyes — it is just a
> "bug".
>
> Fernando
>
> On 28/03/2019 13:39, Job Snijders wrote:
> > Dear all,
> >
> > Word on the streets is that there is a serious bug in Mikrotik's IPv6
> > implementation. Given the popularity of Mikrotik in the Brasil region,
> > it would perhaps be good to keep an eye on the following:
> >
> >      https://forum.mikrotik.com/viewtopic.php?t=147048
> >
> > Kind regards,
> >
> > Job
> > --
> > gter list    https://eng.registro.br/mailman/listinfo/gter
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>


-- 
*Andrio prestes Jasper*
(65) 9 9320-3170 / 8444-0040


[image: LinkedIn]  <https://htmlsig.com/t/000001CV280A> [image: Skype]
<https://htmlsig.com/t/000001CZSRMM>



More information about the gter mailing list