| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCvwp6md7FuorW5AHcTZbSBUzWWo4_FpsXtzf=TvgVfkbn0=g@mail.gmail.com> Date: Wed, 18 Jan 2012 09:58:57 +1100 From: xD 0x41 <secn3t@...il.com> To: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [CVE-2012-0207] Linux IGMP Remote Denial Of Service On 18 January 2012 09:38, HI-TECH . <isowarez.isowarez.isowarez@...glemail.com> wrote: > Tested and vulnerable against: > * Linux kernels above or equal to 2.6.36 (local network) > > Untested > * Your iPhone > * I heard of rumours that the bug is triggerable using unicast > addresses across the internet > > Am 17. Januar 2012 22:14 schrieb Dan Kaminsky <dan@...para.com>: >> LAN-only, no? >> >> Sent from my iPhone >> >> On Jan 17, 2012, at 4:11 PM, "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com> wrote: >> >>> Demonstration of the Exploit: >>> http://www.youtube.com/watch?v=78nAxh70yZE (thanks ClsHack) >>> >>> see attached content >>> >>> /Kingcope >>> <undeadattack.c> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Best comeback i think i have seen on FD :) thx for the morning laff, also people dont realise that this is possible that this was only a 'poc' and not a really hardcore working d0s, but, you would probably only need to modify optarg and possibly look at the igmp v3 packet abit closer, better yet, look back to the bugs in the icmp stack, and there was the same bugs in those years but they would cause the machine to be rendered unuseable. I suspect that this is only a 'snippet' of the reeel deal ;) cheers kope, see you online in 5minutes! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists