Vulnerability Development mailing list archives
Re: linux userland ip spoofing vulnerability
From: fygrave () SCORPIONS NET (CyberPsychotic)
Date: Tue, 26 Oct 1999 14:45:24 +0600
On Wed, 27 Oct 1999 out of nowhere Boo Hampshire spoke:

~:There is code + documentation attached.
~:

This isn't a vulnerability. AFAIK this is required by POSIX, that bind should allow you to bind any specific IP address, not just 0.0.0.0:0. Many networking daemons rely on this feature to provide some specific configuration tweaks. However, if you don't feel comfortable that your users can bind local ports, you may apply the patch by route(?) which requires a user to be in a specific group to do so. Alternatively you could just `fix' socketcall from within a module.