Bug #1583
closed
IPv6 IPs with :: trigger DNS rebinding
Description
When browsing to an IPv6 IP containing :: the DNS rebinding check is triggered as the :: causes part of the IP to be dropped before it's checked.
On line 66 in auth.inc, [2101:170:f2f2:1::2] becomes only 2101:170:f2f2:1: where it should be 2101:170:f2f2:1::2.
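The truncation reported above is what results when a trailing `:digits` is treated as a port on an unbracketed IPv6 literal. The PHP below is an added example, not the code from auth.inc or the committed patch: it puts a constructed naive port strip beside a bracket-aware Host header parser and an allow-list comparison. The function names, the allow-list and the hostname `fw.example.test` are assumptions made for illustration; the IPv6 address is the one from the report.

```php
<?php
// Added example, not pfSense code. Function names and sample values are constructed.

// Naive approach (assumed for illustration): drop brackets, then strip a
// trailing ":digits" as if it were a port. On a compressed IPv6 literal the
// last group looks like a port and is cut off.
function naive_strip_port(string $host): string {
    return preg_replace('/:\d+$/', '', trim($host, '[]'));
}

// Split a Host header into [host, port]. IPv6 literals are bracketed in a
// Host header, so a port is only what follows "]:".
function split_host_header(string $header): ?array {
    if (preg_match('/^\[([0-9A-Fa-f:.]+)\](?::(\d{1,5}))?$/', $header, $m)) {
        if (filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) === false) {
            return null; // brackets present but content is not a valid IPv6 address
        }
        return [$m[1], isset($m[2]) ? (int)$m[2] : null];
    }
    if (preg_match('/^([A-Za-z0-9.-]+)(?::(\d{1,5}))?$/', $header, $m)) {
        return [strtolower($m[1]), isset($m[2]) ? (int)$m[2] : null];
    }
    return null; // malformed header: reject rather than guess
}

// Compare the parsed host with the names and addresses the GUI is known by.
// IP literals are compared in packed form, so "::" compression and letter
// case do not affect the result.
function host_is_allowed(string $header, array $allowed): bool {
    $parts = split_host_header($header);
    if ($parts === null) {
        return false;
    }
    $key = fn(string $h): string => filter_var($h, FILTER_VALIDATE_IP) !== false
        ? bin2hex(inet_pton($h))
        : strtolower($h);
    return in_array($key($parts[0]), array_map($key, $allowed), true);
}

// Constructed sample input: allow-list plus four Host header values.
$allowed = ['2101:170:f2f2:1::2', 'fw.example.test'];
$headers = ['[2101:170:f2f2:1::2]', '[2101:170:f2f2:1:0:0:0:2]:8443',
            'fw.example.test:443', '[2101:170:f2f2:1:]'];
foreach ($headers as $h) {
    printf("%-32s naive=%-26s allowed=%s\n", $h, naive_strip_port($h),
        var_export(host_is_allowed($h, $allowed), true));
}
```

For `[2101:170:f2f2:1::2]` the naive function returns `2101:170:f2f2:1:`, the same truncated value as in the report, while the bracket-aware path accepts the first three headers and rejects the truncated form.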
Updated by Seth Mos over 13 years ago
I currently cannot replicate this on my local install but it has not been synced for a few weeks. Also, this install uses an alternate port number for the webui.
Updated by Seth Mos over 13 years ago
Confirmed that without an alternate port you do in fact trigger a DNS rebinding attack.
Found another gem related to this.
The changes have been applied successfully.
One moment...redirecting to http://[2001/system_advanced_admin.php in 20 seconds.
Note that the IP address here is incorrect.
Updated by Seth Mos over 13 years ago
- Status changed from New to Feedback
Committed patches for both rebind and referrer checks.
Added patch for redirect url.
Updated by Seth Mos over 12 years ago
- Status changed from Feedback to Resolved
Considering this resolved.