IPv6 and security: news from the front – March

New publications

“Fun” with RFC4620 Section 6.4 and discovering IPv4 information over IPv6 by Alex Broque, article published on the Another IPv6 Blog

The author presents experiments conducted with the ICMPv6 Node Information Query message, which allows, among other things, obtaining the IPv4 addresses of a device. The article concludes that, even though the Node Information Query mechanism is disabled by default on most hosts, it can be beneficial to filter these messages using a firewall as well.
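A defender-side sketch of the filtering recommended above, added here and not taken from the cited article: it recognises ICMPv6 Node Information messages (types 139/140 and the Qtype values from RFC 4620) in raw ICMPv6 bytes so they can be logged or dropped. The function names, the default-drop policy and the sample messages are assumptions constructed for illustration.

```python
import struct

# ICMPv6 type and Qtype numbers as assigned in RFC 4620.
NI_QUERY, NI_REPLY = 139, 140
QTYPES = {0: "NOOP", 2: "Node Name", 3: "Node Addresses", 4: "IPv4 Addresses"}
NI_HEADER_LEN = 16  # type, code, checksum, Qtype, flags, 64-bit nonce


def classify_ni(icmpv6: bytes):
    """Describe a Node Information message; return None for other ICMPv6.

    `icmpv6` is the ICMPv6 message without the IPv6 header. The checksum is
    not verified here because that needs the IPv6 pseudo-header.
    """
    if not icmpv6 or icmpv6[0] not in (NI_QUERY, NI_REPLY):
        return None
    kind = "query" if icmpv6[0] == NI_QUERY else "reply"
    if len(icmpv6) < NI_HEADER_LEN:
        return {"kind": kind, "malformed": True, "qtype": None, "ipv4_info": False}
    _type, code, _cksum, qtype, _flags = struct.unpack("!BBHHH", icmpv6[:8])
    return {
        "kind": kind,
        "malformed": False,
        "code": code,
        "qtype": QTYPES.get(qtype, f"unknown({qtype})"),
        "ipv4_info": qtype == 4,  # the IPv4-over-IPv6 disclosure case
        "nonce": icmpv6[8:16].hex(),
    }


def verdict(icmpv6: bytes, allow_ni: bool = False) -> str:
    """Hypothetical filtering policy: drop NI traffic unless explicitly allowed."""
    info = classify_ni(icmpv6)
    if info is None:
        return "pass"
    if info["malformed"] or not allow_ni:
        return "drop"
    return "pass"


# Constructed sample messages (not captured traffic).
NONCE = bytes(range(8))
SUBJECT = bytes.fromhex("20010db8000000000000000000000001")  # 2001:db8::1
QUERY_IPV4 = struct.pack("!BBHHH", NI_QUERY, 0, 0, 4, 0) + NONCE + SUBJECT
ECHO_REQUEST = struct.pack("!BBHHH", 128, 0, 0, 1, 1) + b"ping"
TRUNCATED_NI = bytes([NI_QUERY, 0, 0, 0])
```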

MS14-006: “Microsoft Windows TCP IPv6 Denial of Service Vulnerability” by Nicolas Economou, article published on the CORE Security blog

The article is a technical analysis of the MS14-006 vulnerability affecting Windows (see the previous month's post). It covers the changes made to the "Ipv6pUpdateSitePrefix" function, attempts to exploit the vulnerability on other versions of Windows, and the potential benefit of the vulnerability if combined with other vulnerabilities (heap spray).

New vulnerabilities

CVE-2014-2309 (Linux kernel: IPv6: crash due to router advertisement flooding)

  • Affected product: Linux 3.x
  • Impact: Denial of service