Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: CAN-2004-1137

from [hilton de meillon] Network Security [Permanent Link]
Subject: RE: CAN-2004-1137
Date: Fri, 31 Dec 2004 08:43:24 +1000 
Sorry I should have included that info. Slackware 10. kernel 2.4.26.
 

-----Original Message-----
From: xyberpix [mailto:xyberpix@xyberpix.com] 
Sent: Friday, 31 December 2004 3:59 AM
To: hilton de meillon
Cc: focus-linux@securityfocus.com
Subject: Re: CAN-2004-1137

Hi hilton,

I have to ask, what kernel are you running, and what version of Slack?

xyberpix

On Thu, 2004-12-30 at 12:08 +1000, hilton de meillon wrote:

Hi All,

Can anyone tell me why not many distros have an update for the 
CAN-2004-1137 (among other kernel vulnerabilities) yet ?.

Ubuntu, Redhat, SuSe have updated kernels but pretty much all the rest 
do not have an updated kernel for this issue.

Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my 
machine from remote attacks ?.

I tried this rule and then ran the proof of concept exploit from 
http://www.securityfocus.com/bid/11917/solution/ and it still crashed 
my
(slackware) machine. I am assuming that it connects over a unix socket 
or exploits one of the non-networked vulnerabilities as according to 
secfocus there are three actual vulnerabilities contained in this

vulnerability.


Lastly I would have to say that this is a bit of a shocker for the 
linux community, this vulnerability could be used with devastating 
effect, I am a bit disappointed with linux in this regard.

Any comments appreciated.

hilton



--
For Security and Open Source news and tips visit:

http://www.xyberpix.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CAN-2004-1137, xyberpix
Previous by Thread:  Re: CAN-2004-1137, xyberpix
Next by Thread:  Re: which distribution to choose, Christian Sahm
Indexes:  [Date] [Thread] [Top] [All Lists]