SecurityFocus

Linux kernel IGMP vulnerabilities Dec 14 2004 10:31AM
Paul Starzetz (ihaquer isec pl) (2 replies)

Re: Linux kernel IGMP vulnerabilities Dec 15 2004 05:14AM
stephen joseph butler (stephen butler gmail com) (1 replies)

Re: Linux kernel IGMP vulnerabilities Dec 15 2004 12:34PM
Paul Starzetz (ihaquer isec pl) (1 replies)

On Tue, 14 Dec 2004, stephen joseph butler wrote:

> > /proc/net/igmp
> > /proc/net/mcfilter
> >
> > if both exist and are non-empty you are vulnerable!
>
> Just to be clear: if "mcfilter" is empty, then you aren't vulnerable?
> I have both files, and "igmp" contains data, but "mcfilter" is empty.

You are not vulnerable to the remote attack described under (3), however
your kernel may be still buggy. Note that you need a running process that
has manipulated its multicast socket filters. If your kernel is buggy and
you have local users such an application can always appear, at a time you
don't expect it.

--
Paul Starzetz
iSEC Security Research
http://isec.pl/

[ reply ]

Re: Linux kernel IGMP vulnerabilities Dec 15 2004 10:41PM
matthew-bugtraq newtoncomputing co uk (1 replies)

RE: Linux kernel IGMP vulnerabilities Dec 16 2004 04:10AM
Wolfpaw - Dale Corse (admin-lists wolfpaw net) (1 replies)

RE: Linux kernel IGMP vulnerabilities Dec 16 2004 11:13PM
Jirka Kosina (jikos jikos cz)

Re: Linux kernel IGMP vulnerabilities Dec 14 2004 05:16PM
Pekka Savola (pekkas netcore fi)