CAN-2004-1137

From: hilton de meillon (hiltond_at_hotpop.com)
Date: 12/30/04

  • Next message: xyberpix: "Re: CAN-2004-1137"
    To: <focus-linux@securityfocus.com>
    Date: Thu, 30 Dec 2004 12:08:08 +1000
    
    

    Hi All,

    Can anyone tell me why not many distros have an update for the CAN-2004-1137
    (among other kernel vulnerabilities) yet ?.

    Ubuntu, Redhat, SuSe have updated kernels but pretty much all the rest do
    not have an updated kernel for this issue.

    Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my machine from
    remote attacks ?.

    I tried this rule and then ran the proof of concept exploit from
    http://www.securityfocus.com/bid/11917/solution/ and it still crashed my
    (slackware) machine. I am assuming that it connects over a unix socket or
    exploits one of the non-networked vulnerabilities as according to secfocus
    there are three actual vulnerabilities contained in this vulnerability.

    Lastly I would have to say that this is a bit of a shocker for the linux
    community, this vulnerability could be used with devastating effect, I am a
    bit disappointed with linux in this regard.

    Any comments appreciated.

    hilton


  • Next message: xyberpix: "Re: CAN-2004-1137"