Vulnerability Development mailing list archives
Re: linux userland ip spoofing vulnerability
From: thegnome () NMRC ORG (Simple Nomad)
Date: Wed, 27 Oct 1999 08:49:19 -0500
On Tue, 26 Oct 1999, CyberPsychotic wrote:
On Wed, 27 Oct 1999 out of nowhere Boo Hampshire spoke: ~ :There is code + documentation attached. ~ : this isn't vulnerability. AFAIK this is required by posix, that bind should allow you to bind any specific IP adress, not just 0.0.0.0:0. Many networking daemons rely on this feature to provide some specific configuration twirks. However if you don't feel comfortable that your users can bind local ports, you may apply patch by route(?) which requires a user to be in specific group to do so.. Alternatively you could just `fix' socketcall from within a module.
Route's patch was in (I believe) Phrack 52, and was for 2.0.33 or something like that. I've got an old 2.0.36 patch that has it included (along with a bunch of other stuff, like Solar Designer's security patches) all wrapped up at http://www.nmrc.org/files/sunix/nmrcOS.patch.tar.gz. The idea behind his tweak was that only users in certain groups could do certain things with sockets, and while Route had originally three different groups I just combined them into one. This will break shit for normal users (like being able to ping another host), but it does work. BTW since someone will ask I will eventually create a 2.2.x version of this patch now that Solar has ported his.... Simple Nomad // thegnome () nmrc org // ....no rest for the Wicca'd.... www.nmrc.org //
Current thread:
- AIM 3.0, (continued)
- AIM 3.0 Paul Keefer (Oct 28)
- Re: AIM 3.0 Aviram Jenik (Oct 28)
- Re: AIM 3.0 Blue Boar (Oct 30)
- Re: AIM 3.0 Daniel Reed (Oct 30)
- Re: AIM 3.0 Robert A. Seace (Oct 30)
- Re: AIM 3.0 Usman (Oct 31)
- Re: AIM 3.0 esl (Oct 31)
- Stealth executables (clarified) Brad Griffin (Oct 27)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)
- Re: linux userland ip spoofing vulnerability Alan Cox (Oct 27)
- Re: linux userland ip spoofing vulnerability dave (Oct 27)