From: Ray Anthony (zionpsyfer_at_yahoo.com)
Date: Fri, 31 Dec 2004 03:51:12 -0800 (PST) To: email@example.com
Check that link you included with your message again.
There's a working fix on there if I'm not mistaken.
"It is reported that the following sysctl variables
may be set to disable IGMP functionality:
net.ipv4.igmp_max_msf = 0
net.ipv4.igmp_max_memberships = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1 "
So to set these you'd just run
sysctl -w net.ipv4.igmp_max_msf=0
Hope this helps.
--- hilton de meillon <firstname.lastname@example.org> wrote:
> Hi All,
> Can anyone tell me why not many distros have an
> update for the CAN-2004-1137
> (among other kernel vulnerabilities) yet ?.
> Ubuntu, Redhat, SuSe have updated kernels but pretty
> much all the rest do
> not have an updated kernel for this issue.
> Secondly would 'iptables -A INPUT -p IGMP -j REJECT'
> protect my machine from
> remote attacks ?.
> I tried this rule and then ran the proof of concept
> exploit from
> http://www.securityfocus.com/bid/11917/solution/ and
> it still crashed my
> (slackware) machine. I am assuming that it connects
> over a unix socket or
> exploits one of the non-networked vulnerabilities as
> according to secfocus
> there are three actual vulnerabilities contained in
> this vulnerability.
> Lastly I would have to say that this is a bit of a
> shocker for the linux
> community, this vulnerability could be used with
> devastating effect, I am a
> bit disappointed with linux in this regard.
> Any comments appreciated.
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!