
Unpatched vulnerability in MikroTik RouterOS enables easily exploitable denial of service attack

Accepted submission by jas at 2019-03-28 18:41:29
Security

A critical vulnerability in MikroTik’s RouterOS handling of IPv6 packets allows for “remote, unauthenticated denial of service,” according to security researcher Marek Isalski. According to a post on MikroTik’s user forum, the new vulnerability is “a memory exhaustion issue. You send a v6 packet formed in a certain way to a Mikrotik router and the kernel leaks a bit of memory. When memory runs out the router crashes, I assume until the watchdog reboots it. There is no way to firewall as whatever this characteristic is that causes the problem can be set with any v6 packet.”

Presently, the only mitigation is to completely disable IPv6 in RouterOS.
https://www.techrepublic.com/article/unpatched-vulnerability-in-mikrotik-routeros-enables-easily-exploitable-denial-of-service-attack/

