I have been doing a bit of research - there are numerous instances of
iptables scripts containing rules to block IGMP using iptables - am I
correct in saying that IGMP is on the network layer IP protocol 2 hence all
the iptables rulesets claiming to block igmp are misinformed ?.
Is there a igmptables or any other way of selectively blocking IGMP using
linux ?.
Hilton.
-----Original Message-----
From: hilton de meillon [mailto:hiltond@hotpop.com]
Sent: Friday, 31 December 2004 8:43 AM
To: 'xyberpix'
Cc: focus-linux@securityfocus.com
Subject: RE: CAN-2004-1137
Sorry I should have included that info. Slackware 10. kernel 2.4.26.
-----Original Message-----
From: xyberpix [mailto:xyberpix@xyberpix.com]
Sent: Friday, 31 December 2004 3:59 AM
To: hilton de meillon
Cc: focus-linux@securityfocus.com
Subject: Re: CAN-2004-1137
Hi hilton,
I have to ask, what kernel are you running, and what version of Slack?
xyberpix
On Thu, 2004-12-30 at 12:08 +1000, hilton de meillon wrote:
Hi All,
Can anyone tell me why not many distros have an update for the
CAN-2004-1137 (among other kernel vulnerabilities) yet ?.
Ubuntu, Redhat, SuSe have updated kernels but pretty much all the rest
do not have an updated kernel for this issue.
Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my
machine from remote attacks ?.
I tried this rule and then ran the proof of concept exploit from
http://www.securityfocus.com/bid/11917/solution/ and it still crashed
my
(slackware) machine. I am assuming that it connects over a unix socket
or exploits one of the non-networked vulnerabilities as according to
secfocus there are three actual vulnerabilities contained in this
vulnerability.
Lastly I would have to say that this is a bit of a shocker for the
linux community, this vulnerability could be used with devastating
effect, I am a bit disappointed with linux in this regard.
Any comments appreciated.
hilton
--
For Security and Open Source news and tips visit:
http://www.xyberpix.com
