=====================================================================
                                    CERT-Renater

                         Information Note No. 2007/VULN212
_____________________________________________________________________

DATE                      : 26/04/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : OpenBSD running IPv6.

======================================================================

IPv6 type 0 routing headers can be used to mount a DoS attack against
hosts and networks.  This is a design flaw in IPv6 and not a bug in
OpenBSD.

This problem has been fixed in the OpenBSD CVS repository in the
-current and -stable branches.  The -current snapshots of OpenBSD
contain these fixes as well.

It is recommended that users of OpenBSD update their kernel as soon as
possible using CVS, or manually apply the source code patches listed
below.

A source code patch for OpenBSD 4.0-stable can be downloaded from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/012_route6.patch.

A source code patch for OpenBSD 3.9-stable can be downloaded from
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/022_route6.patch.
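
The following C code is an added example, not the OpenBSD patch and not
CERT-Renater code: it walks an IPv6 extension header chain and reports
whether a type 0 routing header is present, the check a packet filter or
IDS needs in order to drop or log such packets.  The names has_rh0 and
build_sample and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NH_HOPOPTS  0   /* Hop-by-Hop Options */
#define NH_ROUTING  43  /* Routing header */
#define NH_FRAGMENT 44  /* Fragment header */
#define NH_DSTOPTS  60  /* Destination Options */

/* 1 = type 0 routing header present, 0 = absent, -1 = truncated/not IPv6. */
int has_rh0(const uint8_t *pkt, size_t len)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];               /* Next Header of the fixed header */
    size_t off = 40;                   /* invariant: off <= len */
    while (nh == NH_HOPOPTS || nh == NH_ROUTING ||
           nh == NH_FRAGMENT || nh == NH_DSTOPTS) {
        if (len - off < 8)
            return -1;
        const uint8_t *h = pkt + off;
        /* Fragment header is always 8 bytes; the others carry Hdr Ext Len. */
        size_t hlen = (nh == NH_FRAGMENT) ? 8 : ((size_t)h[1] + 1) * 8;
        if (len - off < hlen)
            return -1;
        if (nh == NH_ROUTING && h[2] == 0)
            return 1;                  /* Routing Type 0 */
        if (nh == NH_FRAGMENT && (((h[2] << 8) | h[3]) & 0xfff8))
            return 0;                  /* non-first fragment: no chain follows */
        nh = h[0];
        off += hlen;
    }
    return 0;           /* upper-layer protocol or a header not walked here */
}

/* Constructed sample: fixed header plus a 24-byte routing header of the
 * given type holding one all-zero address. Returns the length (64). */
size_t build_sample(uint8_t buf[64], uint8_t rtype)
{
    memset(buf, 0, 64);
    buf[0] = 0x60;          /* version 6 */
    buf[5] = 24;            /* payload length */
    buf[6] = NH_ROUTING;
    buf[7] = 64;            /* hop limit */
    buf[40] = 59;           /* routing header's Next Header: none */
    buf[41] = 2;            /* Hdr Ext Len: (2 + 1) * 8 = 24 bytes */
    buf[42] = rtype;        /* Routing Type */
    buf[43] = 1;            /* Segments Left */
    return 64;
}
```

The walk stops at any header other than the four listed (AH, for
instance), so a routing header placed after such a header is not
reported.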



======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================







