On the point of “the fix is in v7”
That kind of statement is usually code for “it’s a kernel issue” since the major version number of RouterOS has (so far) related to linux kernel revision. Therefore, if that is the official position on this problem, then there may be some logical conclusions that might be drawn: 1. Maybe this can’t be fixed in current routerOS v6.xx 2. Maybe other OS based on linux kernel may also be affected Pure conjecture from me, of course – despite the relatively ‘close’ relationship that we have with MikroTik, we are not much better informed than everyone else when it comes to this sort of thing :-} Cheers! Mike. From: AusNOG [mailto:[email protected]] On Behalf Of Rob Thomas Sent: Friday, 29 March 2019 10:50 AM To: Cameron Murray <[email protected]> Cc: <[email protected]> <[email protected]> Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik Quick summary of the problem: * From the description it appears to be a kernel-level issue - when a MikroTik device receives a magic IPv6 packet, it will panic. * MikroTik have known about it for almost a year, and have not fixed it. * It is not fixed in the latest 6.44.1 image * The discoverer has been trying to practice responsible disclosure, but has given up Further things: * MikroTik HAVE acknowledged it in a new thread a couple of hours ago https://forum.mikrotik.com/viewtopic.php?f=2 <https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723696> &t=147048#p723696 * Twitter thread from the guy who discovered it: https://twitter.com/maznu/status/1110910688623513601 * There's a comment 'The fix is in v7' - theres a long running joke that v7 will never emerge (it probably never will, they've lost most of their senior engineers, and refuse to open source their code to leverage their developers in the community) I guess the good thing for me is that Nexium still can't provide us IPv6 so we're kinda safe up here 8) --Rob On Fri, 29 Mar 2019 at 09:25, Cameron Murray <[email protected] <mailto:[email protected]> > wrote: Guys, This has just popped up on the Mikrotik forums that I am sure many on the list need to be aware of. If you run Mikrotik in your network and have IPv6 on a Public facing interface please check the following link: https://forum.mikrotik.com/viewtopic.php?t=147076 Cheers Cameron _______________________________________________ AusNOG mailing list [email protected] <mailto:[email protected]> http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
