[GTER] Mikrotik IPv6 remote crash attack
Rubens Kuhl
rubensk at gmail.com
Sun Mar 31 23:48:17 -03 2019
On Thu, Mar 28, 2019 at 8:10 PM Job Snijders <job at ntt.net> wrote:
> Dear all,
>
> Word on the streets is that there is a serious bug in Mikrotik's IPv6
> implementation. Given the popularity of Mikrotik in the Brasil region,
> it would perhaps be good to keep an eye on the following:
>
> https://forum.mikrotik.com/viewtopic.php?t=147048
>
>
Mikrotik has now disclosed itself what the bugs are:
https://forum.mikrotik.com/viewtopic.php?p=724264#p724238
"There were two IPv6 related issues resolved in this version:
1) IPv6 packet forwarding might get stuck (due to IPv6 route cache
processing) that could lead to Watchdog reboot;
2) IPv6 neighbor table processing might get stuck (due to large neighbor
table) that could lead to Watchdog reboot.
Seems that one of these was considered as CVE and another one was not.
Since author of these CVEs still has a problem, seems that actually #1 was
not included in this CVE. However, this "problem" actually is not much of
an issue. RouterOS IPv6 route cache max size by default is 1 million. If
you try to reach 1 million hosts in your network, route cache grows and can
take up to 500 MB. If you have device that does not have such resources, it
will reboot itself. If router has, for example, 1 GB of RAM - there is no
problem. We will most likely allow to change cache size or will decide its
size based on RAM size. However, it can not be considered as a bug or
vulnerability. You make router work and then complain that resources are
required to do the job. This is not a bug."
Rubens
More information about the gter
mailing list