| View previous topic :: View next topic |
| Author |
Message |
saltlick
n00b
Joined: 21 Jul 2004
Posts: 5
|
 Posted: Wed Dec 29, 2004 11:21 pm Post subject: CAN-2004-1137 kernel update ? |
 |
|
Hi All,
Can anyone tell me why we have not update for the CAN-2004-1137 (among other kernel vulnerabilities) yet ?. I know the gentoo sec team is probably flat out but i just thought it was strange as the 'other' distros have posted their updates (strangely enough neither has slackware).
Secondly would 'iptables -A INPUT -p IGMP -j REJECT' protect my machine from remote attacks ?.
I tried this rule and then ran the proof of concept exploit from http://www.securityfocus.com/bid/11917/solution/ and it still crashed my (slackware) machine. I am assuming that it connects over a unix socket or exploits one of the non-networked vulnerabilities as according to secfocus there are three actual vulnerabilities contained in this vulnerability.
Lastly I would have to say that this is a bit of a shocker for the linux community, this vulnerability could be used with devastating effect, I am a bit disappointed with linux in this regard.
Any comments appreciated. |
|
| Back to top |
|
 |
lewk
Retired Dev
Joined: 21 Dec 2003
Posts: 32
Location: Boston, MA
|
|
| Back to top |
|
|
saltlick
n00b
Joined: 21 Jul 2004
Posts: 5
|
| Posted: Mon Jan 31, 2005 11:47 am Post subject: thanks for the reply |
|
|
| thanks for the reply |
|
| Back to top |
|
|
|
Networking & Security
