Regarding libip6t_rt.so being missing from Ubuntu Feisty... 1. Based on a quick Google search, the extension in question has existed since the 1.2 series of ip6tables, if not earlier. 2. The extension in question is documented at http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-6.html 3. Other distributions also failed to ship the extension: I found a user's own attempt to patch RHEL/CentOS at http://patrick.vande-walle.eu/software/ipv6-vulnerability-in-rhel4centos4/ 4. The extension is promoted by SixXS and RIPE as the solution to the vunlerability. http://www.ripe.net/ripe/meetings/ripe-54/presentations/IPv6_Routing_Header.pdf 5. http://www.natisbad.org/ has been tracking changes in the Linux kernel that apparently are failing to disable the vulnerability at the kernel level.
This extension should be added immediately and encouraged for deployment. ** Summary changed: - iptables doesn't support rt match + ip6tables is missing libip6t_rt.so to filter the IPv6 RH0 exploit ** Tags added: ip6tables ipv6 rh0 vulnerability -- ip6tables is missing libip6t_rt.so to filter the IPv6 RH0 exploit https://bugs.launchpad.net/bugs/114184 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs