Re: CAN-2004-1137

From: Ray Anthony (zionpsyfer_at_yahoo.com)
Date: 12/31/04

    Date: Fri, 31 Dec 2004 03:51:12 -0800 (PST)
    To: focus-linux@securityfocus.com
    
    

    Hello,

    Check that link you included with your message again.
    There's a working fix on there if I'm not mistaken.

    "It is reported that the following sysctl variables
    may be set to disable IGMP functionality:

    net.ipv4.igmp_max_msf = 0
    net.ipv4.igmp_max_memberships = 0
    net.ipv4.icmp_ignore_bogus_error_responses = 1 "

    So to set these you'd just run

    sysctl -w net.ipv4.igmp_max_msf=0

    Hope this helps.

    -Ray

    --- hilton de meillon <hiltond@hotpop.com> wrote:

    > Hi All,
    >
    > Can anyone tell me why not many distros have an update for the CAN-2004-1137
    > (among other kernel vulnerabilities) yet?
    >
    > Ubuntu, Redhat, SuSe have updated kernels but pretty much all the rest do
    > not have an updated kernel for this issue.
    >
    > Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my machine from
    > remote attacks?
    >
    > I tried this rule and then ran the proof of concept exploit from
    > http://www.securityfocus.com/bid/11917/solution/ and it still crashed my
    > (slackware) machine. I am assuming that it connects over a unix socket or
    > exploits one of the non-networked vulnerabilities as according to secfocus
    > there are three actual vulnerabilities contained in this vulnerability.
    >
    > Lastly I would have to say that this is a bit of a shocker for the linux
    > community, this vulnerability could be used with devastating effect, I am a
    > bit disappointed with linux in this regard.
    >
    > Any comments appreciated.
    >
    > hilton
    >
    >
    >
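
`sysctl -w` changes only the running kernel, so the settings quoted in the message are lost at reboot unless they are also written to a file such as /etc/sysctl.conf. As an added example, not part of the original message, this script audits such a file for the three quoted values; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sysctl.conf-format file for the
# three settings quoted above. Function names here are hypothetical.
WANTED='net.ipv4.igmp_max_msf=0
net.ipv4.igmp_max_memberships=0
net.ipv4.icmp_ignore_bogus_error_responses=1'

# effective_value FILE KEY: print the last value assigned to KEY, since a later
# line overrides an earlier one when the file is loaded. Skips "#" and ";"
# comments, trims spaces around "=", accepts slash-form keys (net/ipv4/...).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_igmp_sysctl FILE: one status line per setting; returns 0 only when all
# three are present with the wanted value.
audit_igmp_sysctl() {
    rc=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then echo "MISSING  $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then echo "MISMATCH $key = $got (want $want)"; rc=1
        else echo "OK       $key = $got"; fi
    done
    return $rc
}

# Constructed sample, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example
net/ipv4/igmp_max_msf = 0
net.ipv4.igmp_max_memberships=0
; a later line overrides the earlier one
net.ipv4.igmp_max_memberships = 20
EOF
audit_igmp_sysctl "$sample" || echo "workaround not fully persisted in $sample"
```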

                    

