BugTraq
Linux kernel IGMP vulnerabilities Dec 14 2004 10:31AM
Paul Starzetz (ihaquer isec pl) (2 replies)
Re: Linux kernel IGMP vulnerabilities Dec 15 2004 05:14AM
stephen joseph butler (stephen butler gmail com) (1 replies)
Re: Linux kernel IGMP vulnerabilities Dec 15 2004 12:34PM
Paul Starzetz (ihaquer isec pl) (1 replies)
Re: Linux kernel IGMP vulnerabilities Dec 15 2004 10:41PM
matthew-bugtraq newtoncomputing co uk (1 replies)
On Wed, Dec 15, 2004 at 01:34:33PM +0100, Paul Starzetz wrote:
> On Tue, 14 Dec 2004, stephen joseph butler wrote:
>
> > > /proc/net/igmp
> > > /proc/net/mcfilter
> > >
> > > if both exist and are non-empty you are vulnerable!
> >
> > Just to be clear: if "mcfilter" is empty, then you aren't vulnerable?
> > I have both files, and "igmp" contains data, but "mcfilter" is empty.
>
> You are not vulnerable to the remote attack described under (3), however
> your kernel may be still buggy. Note that you need a running process that
> has manipulated its multicast socket filters. If your kernel is buggy and
> you have local users such an application can always appear, at a time you
> don't expect it.

This afternoon I tried the exploit on my machine, which has exactly those
symptoms (data in igmp, mcfilter empty). It froze solid, hard power-cycle
required.

--
Matthew

[ reply ]
RE: Linux kernel IGMP vulnerabilities Dec 16 2004 04:10AM
Wolfpaw - Dale Corse (admin-lists wolfpaw net) (1 replies)
RE: Linux kernel IGMP vulnerabilities Dec 16 2004 11:13PM
Jirka Kosina (jikos jikos cz)
Re: Linux kernel IGMP vulnerabilities Dec 14 2004 05:16PM
Pekka Savola (pekkas netcore fi)


 

Privacy Statement
Copyright 2010, SecurityFocus