Bugtraq mailing list archives

Re: Loopback and multi-homed routing flaw in TCP/IP stack.


From: Kyle Sparger <ksparger () DIALTONEINTERNET NET>
Date: Mon, 5 Mar 2001 18:03:04 -0500

Woody said:
Known Not Vulnerable:
        Linux - RH6.2 stock kernel

This information is incorrect;  Linux does 'suffer' from this in at least
version 2.2.  I believe it also 'suffers' from this in 2.4.  It's easy
enough to replicate.  For example, on ethernet, just assign a static
MAC address for the IP in question for the server in question, and you'll
get access to the appropriate interface.

Elias Levy said:
It's obvious that hosts that implement the Weak ES model are the ones
vulnerable, while hosts that implement the Strong ES model are not.

I had a similar discussion with the maintainers of the Linux stack a few
months ago.  The following quotes (both from Andi Kleen, a listed
maintainer) apply here:

"You're describing the Strong ES model (see 3.3.4.2). Linux 2.2 follows
the weak ES model."

"There are already enough mechanisms to enforce a stronger model if
needed:  reject routes, firewall rules, routing filter, arpfilter."

-------------------------------------------------------------------------

Ultimately, the 'expected' behaviour depends on how you view the addresses
on the machine -- Are they system wide, or are they per-interface? -- and
therein lies the debate of weak v. strong.

Given that on UNIX-like systems one generally assigns an address to an
interface (via ifconfig), IMO the 'expected' behaviour is that the strong
model is what is implemented.   The implication is certainly there.


Thanks,

Kyle Sparger - Senior System Administrator
ksparger () dialtoneinternet net - http://www.dialtoneinternet.net
Voice - (954) 581-0097 x 122
"Forget college, I'm going pro."
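
Added example, not part of the original post and not code from the Linux maintainers: a shell function that prints (without applying) the kind of firewall rules and ARP/routing sysctls the quoted reply lists as ways to approximate the Strong ES model on Linux. The chain name `STRONG_ES`, the interface names and the documentation addresses are assumptions made for illustration, and each address is assumed to be configured on exactly one interface.

```shell
#!/bin/sh
# Added example: emit (not apply) commands that approximate the Strong ES
# model on a Linux host. Input on stdin: one "interface address" pair per line.
# Assumption: each address is configured on exactly one interface.

strong_es_rules() {
    chain="STRONG_ES"   # hypothetical chain name chosen for this example

    # ARP-level settings. These only change how the host answers ARP; a sender
    # using a static MAC entry never asks, so the packet filter rules below
    # are what actually enforce the address-to-interface binding.
    echo "sysctl -w net.ipv4.conf.all.arp_filter=1"
    echo "sysctl -w net.ipv4.conf.all.arp_ignore=1"
    # Reverse-path check on the source address of incoming packets.
    echo "sysctl -w net.ipv4.conf.all.rp_filter=1"

    echo "iptables -N $chain"
    # Locally generated traffic to the host's own addresses arrives via lo.
    echo "iptables -A $chain -i lo -j RETURN"
    # Loopback destinations must never arrive on a real interface.
    echo "iptables -A $chain -d 127.0.0.0/8 -j DROP"

    while read -r iface addr; do
        # Skip blank lines and comments in the input.
        case "$iface" in ''|'#'*) continue ;; esac
        if [ -z "$addr" ]; then
            echo "strong_es_rules: missing address for $iface" >&2
            return 1
        fi
        # Drop a packet for this address unless it came in on its own interface.
        echo "iptables -A $chain -d $addr ! -i $iface -j DROP"
    done

    echo "iptables -I INPUT 1 -j $chain"
}

# Constructed sample: a dual-homed host using documentation addresses.
sample_bindings() {
    printf '%s\n' '# iface address' 'eth0 192.0.2.10' 'eth1 198.51.100.10'
}

sample_bindings | strong_es_rules
```

Review the printed commands before running them as root; `rp_filter=1` can also drop legitimate traffic on hosts with asymmetric routing.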

