Re: Linux kernel IGMP vulnerabilities
From: Pekka Savola <pekkas () netcore fi>
Date: Tue, 14 Dec 2004 19:16:39 +0200 (EET)
On Tue, 14 Dec 2004, Paul Starzetz wrote:
> Synopsis: Linux kernel IGMP vulnerabilities
> Product: Linux kernel
> Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9
>
> Both parts of the IGMP subsystem have exploitable flaws:
>
> (1) the ip_mc_source() function, that can be called through the user API
> (the IP_(UN)BLOCK_SOURCE, IP_ADD/DROP_SOURCE_MEMBERSHIP as well as
> MCAST_(UN)BLOCK_SOURCE and MCAST_JOIN/LEAVE_SOURCE_GROUP socket SOL_IP
> level options) suffers from a serious kernel hang and kernel memory
Does this also affect earlier 2.4 releases which did not yet
incorporate IGMPv3? If so, to which extent? AFAIR, IGMPv3/MLDv2 was
added in 2.4.22.
At least the PoC requires *_(UN)BLOCK_SOURCE APIs which were added
As far as I can see (a very quick look), 2.4 prior to 2.4.22 should
not be (at least similarly) affected.
Pekka Savola
Netcore Oy
Systems. Networks. Security.

"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings
Full-Disclosure - We believe in it.