Vulnerability Development mailing list archives

Re: linux userland ip spoofing vulnerability


From: thegnome () NMRC ORG (Simple Nomad)
Date: Wed, 27 Oct 1999 08:49:19 -0500


On Tue, 26 Oct 1999, CyberPsychotic wrote:

> On Wed, 27 Oct 1999 out of nowhere Boo Hampshire spoke:
>
> ~ :There is code + documentation attached.
> ~ :
>
> This isn't a vulnerability. AFAIK this is required by POSIX, that bind
> should allow you to bind any specific IP address, not just 0.0.0.0:0. Many
> networking daemons rely on this feature to provide some specific
> configuration tweaks. However, if you don't feel comfortable that your
> users can bind local ports, you may apply the patch by route(?) which requires
> a user to be in a specific group to do so. Alternatively you could just
> `fix' socketcall from within a module.


Route's patch was in (I believe) Phrack 52, and was for 2.0.33 or
something like that. I've got an old 2.0.36 patch that has it included
(along with a bunch of other stuff, like Solar Designer's security
patches) all wrapped up at
http://www.nmrc.org/files/sunix/nmrcOS.patch.tar.gz. The idea behind his
tweak was that only users in certain groups could do certain things with
sockets, and while Route had originally three different groups I just
combined them into one. This will break shit for normal users (like being
able to ping another host), but it does work.

BTW since someone will ask I will eventually create a 2.2.x version of
this patch now that Solar has ported his....

    Simple Nomad    //
 thegnome () nmrc org  //  ....no rest for the Wicca'd....
    www.nmrc.org    //

