CVE-2020-11091 – Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

https://notcve.org/view.php?id=CVE-2020-11091

03 Jun 2020 — In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that ipv6 forwarding is disabled, ie /proc/sys/net/ipv6/conf//forwarding == 0. Also by default, /proc/... • https://github.com/weaveworks/weave/commit/15f21f1899060f7716c70a8555a084e836f39a60 • CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •