nanog mailing list archives
Re: one shot remote root for linux?
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 28 Apr 2009 21:33:06 -0400
On Tue, Apr 28, 2009 at 6:31 PM, andrew.wallace <andrew.wallace () rocketmail com> wrote:
Why are you alining yourself with a computer hacker? I thought you were trying to stop these guys releasing exploits in your line of work?
it didn't look like he did (to me)
On Tue, Apr 28, 2009 at 3:10 PM, Gadi Evron <ge () linuxbox org> wrote:This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations.
hrm, in reality a bunch of non-router vulnerabilities affect (to some extent anyway) network operations.
Sometimes news finds us in mysterious yet obvious ways. HD Moore (respected security researcher) set a status which I noticed on my twitter: @hdmoore reading through sctp_houdini.c - one-shot remote linux kernel root - http://kernelbof.blogspot.com/ I asked him about it on IM, wondering if it is real: "looks like that but requires a sctp app to be running"
one good thing, practically no sctp deployment... and, hopefully for networking equipment there's already local firewall/acl capability deployed. That said there are a few 'network devices' which are linux based (not just Vyatta! :) ) o Cisco Guards o Arbor Peakflow (at least the X version) o some-route-optmization systems o dns/mail/ntp/blah widgets It's nice to get some notice of this, it's also nice it got fixed in later kernels (who knows what kernel Peakflow-X has deployed or what custom mods happen to it?) Quickly searching <favorite search engine> shows quite a few SCTP/Linux problems reported over at least the last 2.5 years. The one mentioned here seems to be: CVE-2009-0065 reported Jan 5th 2009, only redhat reports back a fix so far (according to mitre). Putting on my Paul Quinn/Roland Dobbins/Darrel Lewis hat - another good argument for infrastructure acls!! :) -chris
Current thread:
- one shot remote root for linux? Gadi Evron (Apr 28)
- Re: one shot remote root for linux? andrew.wallace (Apr 28)
- Re: one shot remote root for linux? Christopher Morrow (Apr 28)
- RE: one shot remote root for linux? Crooks, Sam (Apr 28)
- Re: one shot remote root for linux? Nathan Ward (Apr 28)
- RE: one shot remote root for linux? Gregory Boehnlein (Apr 28)
- RE: one shot remote root for linux? Paul Jakma (Apr 30)
- Re: one shot remote root for linux? Andre Gironda (Apr 30)
- Re: one shot remote root for linux? Paul Jakma (Apr 30)
- Re: one shot remote root for linux? Daryl G. Jurbala (Apr 30)
- Re: one shot remote root for linux? Christopher Morrow (Apr 28)
- Re: one shot remote root for linux? andrew.wallace (Apr 28)
- Re: one shot remote root for linux? Nathan Ward (Apr 29)
- Question. Cisco PIX/ASA Jo¢ (Apr 29)
- Re: Question. Cisco PIX/ASA virendra rode (Apr 30)