“If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system,” Heuse wrote on the Full Disclosure mailing list. “No log message or warning window is generated, nor is the system able to perform any task.”
“IPv6 support is enabled by default for network interfaces in Windows Vista and later, as well as in many Linux distributions and in Mac OS,” writes Computerworld’s Lucian Constantin. “IPv6 adoption on the Internet is relatively low at the moment so the number of computers that are publicly accessible over IPv6 is not very high. However, most computers are accessible over IPv6 on local networks and have local IPv6 addresses assigned to them by default.”
ZDNet’s Michael Lee reports that Kaspersky Lab has acknowledged the issue. “‘A private patch is currently available on demand, and an autopatch will soon be released to fix the problem automatically on every computer protected by Kaspersky Internet Security 2013,’ the company told ZDNet,” Lee writes.