Date of Award

5-31-2018

Document Type

Thesis (Undergraduate)

Department or Program

Department of Computer Science

First Advisor

Sergey Bratus

Abstract

Although IPv6 was introduced in 1998, its adoption didn't begin to take off until 2012. Furthermore, its vulnerabilities haven't received as much attention as those of IPv4. As such, there is potential to exploit these vulnerabilities. With the amount of IPv6 traffic rapidly increasing, these exploits present real-world consequences. This paper aims to re-evaluate the security of IPv6 stack implementations in FreeBSD and Linux kernels, specifically FreeBSD 11.1 and Ubuntu Linux 4.13. It contributes to the literature in three ways. We first reproduce ten vulnerabilities from existing research to determine whether known bugs have been patched. Then, we examine two, new vulnerabilities in IPv6 extension headers and options. Not only does this paper demonstrate the vulnerabilities in the kernels' implementations, but it also aims to show where these parser differentials likely originate in the kernel's source code. Our hope is that the fuzzing cases from this paper can be built into an automatic fuzzing framework that will facilitate the discovery of new vulnerabilities and ensure the security of this protocol moving forward.

Comments

Originally posted in the Dartmouth College Computer Science Technical Report Series, number TR2018-843.

Download
COinS