I’ve not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it’s a problem. Depending on what most routers do in terms of IPv6 firewalling.
My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.
In my experience, it’s a bit hit-and-miss whether they do or not.
Now, if this works on privacy extension addresses, it’s a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.
If it doesn’t work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.
Here’s the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.
This would presumably mainly be an issue for computers open to the internet. So not so much for home PCs, unless the router’s firewall is opened up.
I’ve not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it’s a problem. Depending on what most routers do in terms of IPv6 firewalling.
My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.
In my experience, it’s a bit hit-and-miss whether they do or not.
Now, if this works on privacy extension addresses, it’s a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.
If it doesn’t work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.
Here’s the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.
What about torrenting through a VPN with IPv6? Would that make you vulnerable to this exploit?