Re: [CVE-2012-0207] Linux IGMP Remote Denial Of Service

[xD 0x41 <secn3t () gmail com>]

On 18 January 2012 09:38, HI-TECH .
<isowarez.isowarez.isowarez () googlemail com> wrote:
> Tested and vulnerable against:
> * Linux kernels above or equal to 2.6.36 (local network)
>
> Untested
> * Your iPhone
> * I heard of rumours that the bug is triggerable using unicast
> addresses across the internet
>
> Am 17. Januar 2012 22:14 schrieb Dan Kaminsky <dan () doxpara com>:
> > LAN-only, no?
> >
> > Sent from my iPhone
> >
> > On Jan 17, 2012, at 4:11 PM, "HI-TECH ." <isowarez.isowarez.isowarez () googlemail com> wrote:
> >
> > > Demonstration of the Exploit:
> > > http://www.youtube.com/watch?v=78nAxh70yZE (thanks ClsHack)
> > >
> > > see attached content
> > >
> > > /Kingcope
> > > <undeadattack.c>
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Best comeback i think i have seen on FD :)
thx for the morning laff,

also people dont realise that this is possible that this was only a
'poc' and not a really hardcore working d0s, but, you would probably
only need to modify optarg and possibly look at the igmp v3 packet
abit closer, better yet, look back to the bugs in the icmp stack, and
there was the same bugs in those years but they would cause the
machine to be rendered unuseable.
I suspect that this is only a 'snippet' of the reeel deal ;)
cheers kope, see you online in 5minutes!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/