The security flaw was found in OpenBSD's kernel and involves the way the OS handles certain kinds of IPv6 packets, according to the researchers at Core Security Technologies Inc. who discovered the problem. The security vulnerability affects versions 3.1, 3.6, 3.8, 3.9, 4.0 and 4.1 of OpenBSD. Also, all other versions that support the IPv6 stack are thought to be vulnerable.
The OpenBSD team has released a patch and a workaround for the flaw . Because this is a kernel-level security vulnerability, administrators will need to rebuild their kernels after installing the patch.
In order to exploit the security flaw, an attacker need only be able to send fragmented IPv6 packets to a target system. This requires direct access to the target network, however the attacker's machine does not need to have its own IPv6 stack in order to make the exploit work, Core said. Users who don't need to route IPv6 traffic can block those packets using OpenBSD's native firewall.
"It was difficult for us to spot and figure out what was going on because the kernel was crashing in a bunch of different places because the memory was corrupted," Arce said. "Once we figured it out, it's not difficult to exploit."