lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: pekkas at netcore.fi (Pekka Savola)
Subject: Re: Linux kernel IGMP vulnerabilities

Hi,

On Tue, 14 Dec 2004, Paul Starzetz wrote:
>
> Synopsis:  Linux kernel IGMP vulnerabilities
> Product:   Linux kernel
> Version:   2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
[...]
> Both parts of the IGMP subsystem have exploitable flaws:
>
> (1) the ip_mc_source() function, that can be called through the user API
> (the  IP_(UN)BLOCK_SOURCE,  IP_ADD/DROP_SOURCE_MEMBERSHIP  as  well   as
> MCAST_(UN)BLOCK_SOURCE  and  MCAST_JOIN/LEAVE_SOURCE_GROUP socket SOL_IP
> level options) suffers from a serious  kernel  hang  and  kernel  memory
> overwrite problem.
[...]

Does this also affect earlier 2.4 releases which did not yet 
incorporate IGMPv3?  If so, to which extent?  AFAIR, IGMPv3/MLDv2 was 
added in 2.4.22.

At least the PoC requires *_(UN)BLOCK_SOURCE APIs which were added 
with IGMPv3.

As far as I can see (a very quick look), 2.4 prior to 2.4.22 should 
not be (at least similarly) affected.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Powered by blists - more mailing lists