[AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Rob Thomas xrobau at gmail.com
Fri Mar 29 10:50:21 EST 2019


Quick summary of the problem:

* From the description it appears to be a kernel-level issue - when a
MikroTik device receives a magic IPv6 packet, it will panic.
* MikroTik have known about it for almost a year, and have not fixed it.
* It is not fixed in the latest 6.44.1 image
* The discoverer has been trying to practice responsible disclosure, but
has given up

Further things:
* MikroTik HAVE acknowledged it in a new thread a couple of hours ago
  https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723696
* Twitter thread from the guy who discovered it:
  https://twitter.com/maznu/status/1110910688623513601
* There's a comment 'The fix is in v7' - there's a long running joke that v7
will never emerge (it probably never will, they've lost most of their
senior engineers, and refuse to open source their code to leverage their
developers in the community)

I guess the good thing for me is that Nexium still can't provide us IPv6 so
we're kinda safe up here 8)

--Rob


On Fri, 29 Mar 2019 at 09:25, Cameron Murray <cameron.murray at gmail.com>
wrote:

> Guys,
>
> This has just popped up on the Mikrotik forums that I am sure many on the
> list need to be aware of.
>
> If you run Mikrotik in your network and have IPv6 on a Public facing
> interface please check the following link:
> https://forum.mikrotik.com/viewtopic.php?t=147076
>
> Cheers
>
> Cameron