ARMmbed / sal-stack-nanostack

IPv6+6LoWPAN+Thread stack for mbed OS.

Denial of service after Router Advertisement penetration test #29

Closed HenkStevens closed 7 years ago

HenkStevens commented 7 years ago

Description of Incident: The Neighbor Discovery Protocol implementation in the IPv6 stack of the embedded OS (MBED5.2) allows remote attackers to cause denial of service (CPU consumption and system hang) by sending a huge amount of Router Advertisement (RA) messages with different source addresses. As router advertisements do not need to be authenticated, they are used to launch a link-local DoS attack.

Incident trigger: Running attack on multicast channel within same network. Attack via Ethernet cable.

Possible countermeasure: Program the host to silently discard a router advertisement once the configurable limit is reached, which will limit the scope of the attack.
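
The countermeasure proposed in the report above, sketched as an added example; it is not part of the original post and is not code from nanostack or its fix. The names `ra_admit`, `router_entry_t`, `MAX_DEFAULT_ROUTERS`, the limit of 4 and the 1800 s lifetime are assumptions, and the flood input is constructed locally.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_DEFAULT_ROUTERS 4           /* assumed configurable limit */

typedef struct {
    uint8_t  addr[16];                  /* RA source address */
    uint32_t expires_at;                /* seconds; slot is free once now >= expires_at */
    bool     in_use;
} router_entry_t;

static router_entry_t routers[MAX_DEFAULT_ROUTERS];

/* Returns true if the RA should be processed, false if it must be
 * silently discarded (no state created, no further work done). */
bool ra_admit(const uint8_t src[16], uint16_t lifetime_s, uint32_t now)
{
    router_entry_t *free_slot = NULL;
    for (size_t i = 0; i < MAX_DEFAULT_ROUTERS; i++) {
        router_entry_t *e = &routers[i];
        if (e->in_use && now >= e->expires_at)
            e->in_use = false;          /* lifetime ran out: reclaim the slot */
        if (e->in_use && memcmp(e->addr, src, 16) == 0) {
            e->expires_at = now + lifetime_s;   /* known router: refresh only */
            return true;
        }
        if (!e->in_use && free_slot == NULL)
            free_slot = e;
    }
    if (free_slot == NULL || lifetime_s == 0)
        return false;                   /* table full, or nothing to track */
    memcpy(free_slot->addr, src, 16);
    free_slot->expires_at = now + lifetime_s;
    free_slot->in_use = true;
    return true;
}

/* Constructed input: n RAs at time `now`, each from a different
 * link-local source address. Returns how many were admitted. */
unsigned ra_flood_admitted(unsigned n, uint32_t now)
{
    unsigned admitted = 0;
    for (unsigned i = 0; i < n; i++) {
        uint8_t src[16] = { [0] = 0xfe, [1] = 0x80,
                            [14] = (uint8_t)(i >> 8), [15] = (uint8_t)i };
        admitted += ra_admit(src, 1800, now);
    }
    return admitted;
}
```

Memory and per-RA work stay bounded by the table size no matter how many source addresses appear, and routers already in the table keep being refreshed while it is full.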

lauri-piikivi commented 7 years ago

Hi,

Thank you for this information. We will analyse the impacted SW and corrections. To help us pinpoint the problem, can you provide us the configuration you used, targets.json, config.json (if in use) and the command line parameters for the build?

If you do not want to place them here, you can reach me at lauri dot piikivi at arm dot com

Thank you again for bringing this to our knowledge!

EduardPon commented 7 years ago

{
    "Target": {
        "core": null,
        "default_toolchain": "ARM",
        "supported_toolchains": null,
        "extra_labels": [],
        "is_disk_virtual": false,
        "macros": [],
        "device_has": [],
        "features": [],
        "detect_code": [],
        "public": false,
        "default_lib": "std",
        "bootloader_supported": false
    },
    "K64F": {
        "supported_form_factors": ["ARDUINO"],
        "core": "Cortex-M4F",
        "supported_toolchains": ["ARM", "GCC_ARM", "IAR"],
        "extra_labels": ["Freescale", "KSDK2_MCUS", "FRDM", "KPSDK_MCUS", "KPSDK_CODE", "MCU_K64F"],
        "is_disk_virtual": true,
        "macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED", "MBEDTLS_ENTROPY_HARDWARE_ALT", "MCU_K64F"],
        "inherits": ["Target"],
        "progen": {"target": "frdm-k64f"},
        "detect_code": ["0240"],
        "device_has": ["ANALOGIN", "ANALOGOUT", "ERROR_RED", "I2C", "I2CSLAVE", "INTERRUPTIN", "LOWPOWERTIMER", "PORTIN", "PORTINOUT", "PORTOUT", "PWMOUT", "RTC", "SERIAL", "SERIAL_FC", "SERIAL_ASYNCH", "SLEEP", "SPI", "SPISLAVE", "SPI_ASYNCH", "STDIO_MESSAGES", "TRNG"],
        "features": ["IPV4"]
    },
    "K64F_IPV6": {
        "supported_form_factors": ["ARDUINO"],
        "core": "Cortex-M4F",
        "default_toolchain": "GCC_ARM",
        "extra_labels": ["Freescale", "KSDK2_MCUS", "FRDM", "KPSDK_MCUS", "KPSDK_CODE", "MCU_K64F", "K64F", "WIRED_IPV6" ],
        "is_disk_virtual": true,
        "inherits": ["K64F"],
        "progen": {"target": "frdm-k64f"},
        "detect_code": ["0240"],
        "features": ["NANOSTACK", "ETHERNET_HOST"],
        "release_versions": ["2", "5"],
        "device_name": "MK64FN1M0xxx12"
    }
}

mbed-cli compile -j0 -t GCC_ARM -m K64F_IPV6 --profile mbed-os\tools\profiles\debug.json

[mbed] Working path "C:\_ccm\xxx\xxx-mbed5" (program)
[mbed] Global config:
ARM_PATH=C:\Program Files (x86)\ARM_Compiler_5.06u3

[mbed] Local config (C:\_ccm\xxx\xxx-mbed5):
TOOLCHAIN=GCC_ARM
TARGET=K64F_IPV6

lauri-piikivi commented 7 years ago

Thank you! We can confirm the issue and we are analysing mitigation and fixes.

ciarmcom commented 7 years ago

ARM Internal Ref: ONME-3052

TuomoHautamaki commented 7 years ago

The fix is under way and will be targeted to the mbed OS 5.6 release.

SeppoTakalo commented 7 years ago

Fixed in https://github.com/ARMmbed/sal-stack-nanostack/releases/tag/v6.2.0

Will be released in mbed OS 5.6. Fix is already in mbed OS master.