I recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6.
After recording this video, Stephen Sims pointed me to a thread on X published yesterday. It goes over some of the possible exploit paths. The main takeaway is that it will likely take multiple packets to successfully exploit this issue, and exploitation will likely not be reliable. Some of the discussion also reminds me of a recent IPv4 issue in FreeBSD.
The FreeBSD issue was caused by ICMP error messages sent in response to crafted ICMP requests. ICMP options included in the response caused a buffer overflow. Something similar may be happening here. If I read the X thread correctly, multiple queued errors are required in the case of CVE-2024-38063.
See this "Packet Tuesday" video about the FreeBSD issue: https://www.youtube.com/watch?v=Bgmfl17AQWA
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|