IPv6 hop limit set to 0

Bug #1450066 reported by Jay Foad
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
NetworkManager | Fix Released | Critical | |
network-manager (Debian) | New | Unknown | |
network-manager (Ubuntu) | Fix Released | High | Mathieu Trudel-Lapierre |
Vivid | Won't Fix | High | Unassigned |

Bug Description

On upgrading from Ubuntu 14.10 to 15.04 I found that my IPv6 networking no longer worked. It turned out that this was because my hop limit was set to zero:

# sysctl -a | fgrep eth0.hop_limit
net.ipv6.conf.eth0.hop_limit = 0

which in turn seems to have been caused by a known problem in the network manager:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756534
https://bugzilla.gnome.org/show_bug.cgi?id=737252

Since this has already been fixed in the GNOME project, can Ubuntu 15.04 please take the upstream fix?

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager (Ubuntu):
status: New → Confirmed
Borut Mrak (b9bit) wrote :

Please please cherry pick the patch from gnome bugzilla and apply it to vivid

http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=6a79acb0

This bug makes most IPv6 connections unusable without manual intervention (either setting the hop limit on each router that does not set that in RAs - most! - or manually changing the limit after every connection).

I wouldn't say it's critical (most of us still have IPv4 access too :), but it's definitely a High importance bug.

TIbor Djurica Potpara (tibor-djurica) wrote :

I hate to nag, but this should really be a high priority. IPv6 is completely unusable on the majority of networks, since no routers that I know of actually broadcast a hop limit.

Given that it has been fixed upstream for more than half a year, the package should be updated ASAP.

Mathieu Trudel-Lapierre (cyphermox) wrote :

This is a candidate for SRU.

Changed in network-manager (Ubuntu Vivid):
status: New → Triaged
importance: Undecided → High
Changed in network-manager (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Marcel Nageler (x-lauochpad-u) wrote :

This bug is due to a failure in handling router advertisements.

According to RFC 4861 (page 20), a _Cur Hop Limit_ set to 0 means that the Hop Limit is unspecified. Ubuntu 15.04 takes this literally and sets HL to 0.

Fortunately my router provided the option to set this field to a manual value, although I suppose this is not the case for most routers.

Marcel Nageler (x-lauochpad-u) wrote :

This issue may be resolved by providing a newer version of networkmanager (>= 0.9.10.2).

In this version a patch was introduced to mitigate CVE-2015-2922 (don't allow setting the HL smaller than it was before)
This patch also makes sure a HL < 10 does not get set.

[1] The changelog of version 0.9.10.2
    http://www.pro-linux.de/sicherheit/2/print/30542/index.html

[2] CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
    https://access.redhat.com/security/cve/CVE-2015-2922
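
The following C example, added here and not taken from NetworkManager or the kernel, reads the Cur Hop Limit field of a Router Advertisement and contrasts the literal handling reported in this bug with a checked policy following the comments above (0 is unspecified, no lowering, floor of 10). The function names, the floor constant and the sample packets are assumptions constructed for illustration; ICMPv6 checksum and IP-header validation are omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_ROUTER_ADVERT_TYPE 134 /* ICMPv6 type of a Router Advertisement */
#define RA_FIXED_LEN 16           /* fixed RA fields before options (RFC 4861) */
#define HOP_LIMIT_FLOOR 10        /* floor quoted in the thread; assumed here */

/* Return the Cur Hop Limit field (byte 4) of an RA, or -1 if not a usable RA. */
int ra_cur_hop_limit(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < RA_FIXED_LEN) return -1;
    if (pkt[0] != ND_ROUTER_ADVERT_TYPE || pkt[1] != 0) return -1;
    return pkt[4];
}

/* Behaviour reported in this bug: the field is applied literally, so 0 sticks. */
int apply_literal(int current, int ra_value)
{
    return ra_value < 0 ? current : ra_value;
}

/* Checked policy: 0 is "unspecified", never lower the limit, respect the floor. */
int apply_checked(int current, int ra_value)
{
    if (ra_value <= 0) return current;              /* invalid RA or unspecified */
    if (ra_value < HOP_LIMIT_FLOOR) return current; /* implausibly small value */
    if (ra_value < current) return current;         /* an RA must not lower it */
    return ra_value;
}

/* Constructed sample RAs: checksum zeroed, no options, lifetime 1800 s. */
static const uint8_t RA_UNSPECIFIED[16] = {134, 0, 0, 0, 0, 0, 0x07, 0x08};
static const uint8_t RA_LOW[16]         = {134, 0, 0, 0, 1, 0, 0x07, 0x08};
static const uint8_t RA_HIGH[16]        = {134, 0, 0, 0, 255, 0, 0x07, 0x08};

int main(void)
{
    const uint8_t *samples[] = {RA_UNSPECIFIED, RA_LOW, RA_HIGH};
    int current = 64; /* assumed interface hop limit before the RA arrives */
    for (size_t i = 0; i < 3; i++) {
        int ra = ra_cur_hop_limit(samples[i], RA_FIXED_LEN);
        printf("RA cur_hop_limit=%3d literal=%3d checked=%3d\n",
               ra, apply_literal(current, ra), apply_checked(current, ra));
    }
    return 0;
}
```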

Sam Stenvall (negge) wrote :

Since upstream has provided a fix for this issue, can someone please update the network-manager package so we don't have to jump through hoops to get IPv6 working?

Aron Xu (happyaron) wrote :

Vivid is not supported anymore, closing as Won't Fix. However this bug should be fixed in later Ubuntu releases already.

Changed in network-manager (Ubuntu):
status: Triaged → Fix Released
Changed in network-manager (Ubuntu Vivid):
status: Triaged → Won't Fix
Changed in network-manager (Debian):
status: Unknown → New
Changed in network-manager:
importance: Unknown → Critical
status: Unknown → Fix Released