Re: CAN-2004-1137

Hello,

Check that link you included with your message again. 
There's a working fix on there if I'm not mistaken.

"It is reported that the following sysctl variables
may be set to disable IGMP functionality:

net.ipv4.igmp_max_msf = 0
net.ipv4.igmp_max_memberships = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1 "

So to set these you'd just run

sysctl -w net.ipv4.igmp_max_msf=0



Hope this helps.

-Ray

--- hilton de meillon <hiltond@hotpop.com> wrote:

> Hi All,
>
> Can anyone tell me why not many distros have an
> update for the CAN-2004-1137
> (among other kernel vulnerabilities) yet ?. 
>
> Ubuntu, Redhat, SuSe have updated kernels but pretty
> much all the rest do
> not have an updated kernel for this issue. 
>
> Secondly would 'iptables -A INPUT -p IGMP -j REJECT'
> protect my machine from
> remote attacks ?.
>
> I tried this rule and then ran the proof of concept
> exploit from
> http://www.securityfocus.com/bid/11917/solution/ and
> it still crashed my
> (slackware) machine. I am assuming that it connects
> over a unix socket or
> exploits one of the non-networked vulnerabilities as
> according to secfocus
> there are three actual vulnerabilities contained in
> this vulnerability.
>
> Lastly I would have to say that this is a bit of a
> shocker for the linux
> community, this vulnerability could be used with
> devastating effect, I am a
> bit disappointed with linux in this regard.
>
> Any comments appreciated.
>
> hilton



                
__________________________________ 
Do you Yahoo!? 
All your favorites on one personal page ? Try My Yahoo!
http://my.yahoo.com