When running tests with IPv6 diagnostic software, sending packets with invalid hop-to-hop extended headers triggers a kernel panic under RHEL 5 and RHEV

Solution Verified - Updated -

Environment

Red Hat Enterprise Linux 5 with a kernel version prior to 2.6.18-164.10.1.el5, or

Red Hat Enterprise Virtualization with rhev-hypervisor or rhev-hypervisor-pxe prior to 5.4-2.1.8.el5_4rhev2_1.

Issue

When using IPv6 diagnostic software (such as the Codenomicon IPv6 test suite or ip6sic tool), running certain tests that send IPv6 packets with invalid hop-to-hop extended headers results in a kernel panic.

Resolution

For most Red Hat Enterprise Linux 5 systems, updating to kernel version 2.6.18-164.10.1.el5 (from RHSA-2010-0019) or newer resolves this issue.

For systems running Red Hat Enterprise Linux 5.3.z (Extended Update Support), updating to kernel 2.6.18-128.12.1.el5 (from RHSA-2010-0053) or newer resolves this issue.

For systems running Red Hat Enterprise Linux 5.2.z (Extended Update Support), updating to kernel 2.6.18-92.1.35.el5 (from RHSA-2010-0079) or newer resolves this issue.

For Red Hat Enterprise Virtualization, updating to rhev-hypervisor (or rhev-hypervisor-pxe) 5.4-2.1.8.el5_4rhev2_1 (from RHSA-2010:0095) or newer resolves this issue.

Root Cause

This issue is caused by incomplete data validation of information in the hop-by-hop IPv6 extended header.

Comments

The identifier CVE-2007-4567 is assigned to this vulnerability.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments