Bugtraq mailing list archives

Re: Loopback and multi-homed routing flaw in TCP/IP stack.

From: Kurt Seifried <bugtraq () SEIFRIED ORG>
Date: Mon, 5 Mar 2001 22:22:22 -0700

Kurt Seifried, seifried () securityportal com
Securityportal - your focal point for security on the 'net

2.2 is vulnerable, but 2.4 is not. as far as i can tell, 2.4 systems
don't even have a localhost routing entry anymore.

martin


Huh?

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16128  Metric:1
          RX packets:46 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

[root@stench /root]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.3.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.3.0.1        0.0.0.0         UG    0      0        0 eth0
[root@stench /root]# uname -a
Linux stench.seifried.org 2.4.0-0.26 #1 Fri Aug 25 08:31:55 EDT 2000 i686
unknown

It does in older 2.4.0's, haven't tried 2.4.1/2.4.2 however.

Kurt Seifried, seifried () securityportal com
Securityportal - your focal point for security on the 'net

Current thread:

Re: Loopback and multi-homed routing flaw in TCP/IP stack., (continued)
- - Re: Loopback and multi-homed routing flaw in TCP/IP stack. ddowney (Mar 05)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Perry Harrington (Mar 05)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Ben Laurie (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Perry Harrington (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Ben Laurie (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Dan Harkless (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Kyle Sparger (Mar 05)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. MaD dUCK (Mar 05)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. J. Bol (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Kyle Sparger (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Kurt Seifried (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Neil W Rickert (Mar 05)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Ben Laurie (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. David Litchfield (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Robert Collins (Mar 06)
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Lincoln Yeoh (Mar 07)
  - Message not available
    - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Lars Mathiesen (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. Lothar Beta (Mar 06)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. David Damerell (Mar 06)
- Re: Loopback and multi-homed routing flaw in TCP/IP stack. 3APA3A (Mar 06)
  - Re: Loopback and multi-homed routing flaw in TCP/IP stack. Martin Macok (Mar 06)

(Thread continues...)