| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Dec 2004 19:16:39 +0200 (EET) From: Pekka Savola <pekkas@...core.fi> To: security@...c.pl Cc: bugtraq@...urityfocus.com, vulnwatch@...nwatch.org, full-disclosure@...ts.netsys.com Subject: Re: Linux kernel IGMP vulnerabilities Hi, On Tue, 14 Dec 2004, Paul Starzetz wrote: > > Synopsis: Linux kernel IGMP vulnerabilities > Product: Linux kernel > Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9 [...] > Both parts of the IGMP subsystem have exploitable flaws: > > (1) the ip_mc_source() function, that can be called through the user API > (the IP_(UN)BLOCK_SOURCE, IP_ADD/DROP_SOURCE_MEMBERSHIP as well as > MCAST_(UN)BLOCK_SOURCE and MCAST_JOIN/LEAVE_SOURCE_GROUP socket SOL_IP > level options) suffers from a serious kernel hang and kernel memory > overwrite problem. [...] Does this also affect earlier 2.4 releases which did not yet incorporate IGMPv3? If so, to which extent? AFAIR, IGMPv3/MLDv2 was added in 2.4.22. At least the PoC requires *_(UN)BLOCK_SOURCE APIs which were added with IGMPv3. As far as I can see (a very quick look), 2.4 prior to 2.4.22 should not be (at least similarly) affected. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Powered by blists - more mailing lists