Linux kernel IGMP vulnerabilities

From: David Jacoby
Date: Wed Dec 15 2004 - 03:45:09 EST

Next message: Ingo Molnar: "Re: [patch, 2.6.10-rc3] safe_hlt() & NMIs"
Previous message: Jan Engelhardt: "Re: dynamic-hz"
Next in thread: YOSHIFUJI Hideaki / 吉藤英明: "Re: Linux kernel IGMP vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi and Merry Xmas everyone!

I just have a little question, is there a way to turn on IGMP support in the kernel?, I removed
multicast support but is that enugh?

They said that you could see if you are vulnerable by looking at these files:

/proc/net/igmp
/proc/net/mcfilter

and if both existed and were non-emptu you were vulnerable.

On a defualt installation on Slackware 10 the files mcfilter
is empty but on other servers with various kernel versions
both files contains some data.

The slackware machine is running 2.4.24. As i said i removed
multicast support in the kernel but when i compiled it i saw
that it created igmp.o anyway.

Any advice about how people can patch this security issue?

Thnx!

//David

--
Outpost24 AB

David Jacoby
Research & Development

Office: +46-455-612310
Mobile: +46-455-612311
(www.outpost24.com) (dj@xxxxxxxxxxxxx)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [patch, 2.6.10-rc3] safe_hlt() & NMIs"
Previous message: Jan Engelhardt: "Re: dynamic-hz"
Next in thread: YOSHIFUJI Hideaki / 吉藤英明: "Re: Linux kernel IGMP vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]