Re: CAN-2004-1137
From: Ray Anthony (zionpsyfer_at_yahoo.com)
Date: 12/31/04
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Dec 2004 03:51:12 -0800 (PST) To: focus-linux@securityfocus.com
Hello,
Check that link you included with your message again.
There's a working fix on there if I'm not mistaken.
"It is reported that the following sysctl variables
may be set to disable IGMP functionality:
net.ipv4.igmp_max_msf = 0
net.ipv4.igmp_max_memberships = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1 "
So to set these you'd just run
sysctl -w net.ipv4.igmp_max_msf=0
Hope this helps.
-Ray
--- hilton de meillon <hiltond@hotpop.com> wrote:
> Hi All,
>
> Can anyone tell me why not many distros have an
> update for the CAN-2004-1137
> (among other kernel vulnerabilities) yet ?.
>
> Ubuntu, Redhat, SuSe have updated kernels but pretty
> much all the rest do
> not have an updated kernel for this issue.
>
> Secondly would 'iptables -A INPUT -p IGMP -j REJECT'
> protect my machine from
> remote attacks ?.
>
> I tried this rule and then ran the proof of concept
> exploit from
> http://www.securityfocus.com/bid/11917/solution/ and
> it still crashed my
> (slackware) machine. I am assuming that it connects
> over a unix socket or
> exploits one of the non-networked vulnerabilities as
> according to secfocus
> there are three actual vulnerabilities contained in
> this vulnerability.
>
> Lastly I would have to say that this is a bit of a
> shocker for the linux
> community, this vulnerability could be used with
> devastating effect, I am a
> bit disappointed with linux in this regard.
>
> Any comments appreciated.
>
> hilton
>
>
>
__________________________________
Do you Yahoo!?
All your favorites on one personal page – Try My Yahoo!
http://my.yahoo.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
