For all who are not watching this thread closely, MikroTik have released an effective patch for this issue, albeit currently only in beta chain: 6.45beta23

They say that there is some more optimisation to be done for routers with low RAM before it will be released into long term and stable versions. No firm date on when that might happen.

For low memory capacity routers (< 100MB) or in cases where upgrade is not feasible, firewall rules to limit new connection rates will help to defeat an attack using the exploit:

/ipv6 firewall filter
add action=drop chain=forward connection-mark=drop connection-state=new
/ipv6 firewall mangle
add action=accept chain=prerouting connection-state=new dst-address=\
    [your:network::/64] limit=2,5:packet
add action=mark-connection chain=prerouting connection-state=new dst-address=\
    [your:network::/64] new-connection-mark=drop passthrough=yes

It is important to note that this problem affects routing function of ipv6, so packets with final destination of any host forwarded by a router will make that router vulnerable (i.e. input chain is no use for above rules).

FWIW, the MikroTik spokesman handling this case has acknowledged that they made a mistake in filing the original CVE/s and should have addressed the problem/s sooner. Hopefully this event will encourage them to adjust their handling of such reports better in future :-j

Cheers,
Mike.
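To see what the mangle/filter rules above actually do to forwarded traffic, here is an added model (not Mike's code, and not RouterOS code) that replays the three rules over a constructed stream of new-connection packets. It assumes the RouterOS `limit=rate,burst:packet` matcher behaves as a token bucket that starts full with `burst` tokens and refills at `rate` tokens per second, and uses the documentation prefix 2001:db8:1::/64 as a stand-in for [your:network::/64].

```python
from dataclasses import dataclass, field
from ipaddress import IPv6Address, IPv6Network

# Assumption: RouterOS "limit=rate,burst:packet" behaves like a token bucket
# that starts full with `burst` tokens and refills at `rate` tokens/second.
@dataclass
class TokenBucket:
    rate: float
    burst: int
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def classify(packets, protected: IPv6Network, rate=2.0, burst=5):
    """Return an accept/drop verdict for each (time, dst) of a forwarded packet
    with connection-state=new, following the three rules from the thread."""
    bucket = TokenBucket(rate, burst)
    verdicts = []
    for t, dst in packets:
        if IPv6Address(dst) not in protected:
            verdicts.append("accept")   # no mangle rule matches: no mark, forward filter passes it
        elif bucket.allow(t):
            verdicts.append("accept")   # mangle rule 1: within limit, accept ends mangle processing
        else:
            verdicts.append("drop")     # mangle rule 2 marks the connection; forward filter drops it
    return verdicts

def demo():
    # Constructed traffic: 10 new connections at once to the protected /64,
    # then 3 more one second later, plus one to an unprotected prefix.
    net = IPv6Network("2001:db8:1::/64")  # placeholder for [your:network::/64]
    flood = [(0.0, "2001:db8:1::10")] * 10
    later = [(1.0, "2001:db8:1::11")] * 3 + [(1.0, "2001:db8:2::1")]
    return classify(flood + later, net)

if __name__ == "__main__":
    print(demo())
```

The burst of ten is cut to five accepted connections, the refill of two per second admits two of the three later ones, and traffic to a prefix outside dst-address is never touched.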
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Shane Clay
Sent: Friday, 29 March 2019 1:07 PM
To: Public@talk.mikrotik.com.au
Subject: [MT-AU Public] UKNOF 43 CVE
For those of you who don't follow AUSNOG... "critical vulnerability" for Mikrotik devices running IPv6 (even firewalled) that you should know about:
https://forum.mikrotik.com/viewtopic.php?t=147076
Mikrotik have acknowledged it: https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723696
Twitter thread from the person who discovered it: https://twitter.com/maznu/status/1110910688623513601
No current fix.
Shane
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au