RE: CAN-2004-1137

From: hilton de meillon (hiltond_at_hotpop.com)
Date: 12/30/04


To: "'xyberpix'" <xyberpix@xyberpix.com>
Date: Fri, 31 Dec 2004 08:43:24 +1000

Sorry I should have included that info. Slackware 10. kernel 2.4.26.
 

-----Original Message-----
From: xyberpix [mailto:xyberpix@xyberpix.com]
Sent: Friday, 31 December 2004 3:59 AM
To: hilton de meillon
Cc: focus-linux@securityfocus.com
Subject: Re: CAN-2004-1137

Hi hilton,

I have to ask, what kernel are you running, and what version of Slack?

xyberpix

On Thu, 2004-12-30 at 12:08 +1000, hilton de meillon wrote:
> Hi All,
>
> Can anyone tell me why not many distros have an update for the
> CAN-2004-1137 (among other kernel vulnerabilities) yet ?.
>
> Ubuntu, Redhat, SuSe have updated kernels but pretty much all the rest
> do not have an updated kernel for this issue.
>
> Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my
> machine from remote attacks ?.
>
> I tried this rule and then ran the proof of concept exploit from
> http://www.securityfocus.com/bid/11917/solution/ and it still crashed
> my
> (slackware) machine. I am assuming that it connects over a unix socket
> or exploits one of the non-networked vulnerabilities as according to
> secfocus there are three actual vulnerabilities contained in this
vulnerability.
>
> Lastly I would have to say that this is a bit of a shocker for the
> linux community, this vulnerability could be used with devastating
> effect, I am a bit disappointed with linux in this regard.
>
> Any comments appreciated.
>
> hilton
>
>

--
For Security and Open Source news and tips visit:
http://www.xyberpix.com