Re: linux userland ip spoofing vulnerability
Simple Nomad (thegnome
NMRC.ORG)
Wed, 27 Oct 1999 08:49:19 -0500
On Tue, 26 Oct 1999, CyberPsychotic wrote:
> On Wed, 27 Oct 1999 out of nowhere Boo Hampshire spoke:
>
> ~ :There is code + documentation attached.
> ~ :
>
> this isn't a vulnerability. AFAIK this is required by POSIX, that bind
> should allow you to bind any specific IP address, not just 0.0.0.0:0. Many
> networking daemons rely on this feature to provide some specific
> configuration tweaks. However if you don't feel comfortable that your
> users can bind local ports, you may apply the patch by route(?) which requires
> a user to be in a specific group to do so.. Alternatively you could just
> `fix' socketcall from within a module.
>
Route's patch was in (I believe) Phrack 52, and was for 2.0.33 or
something like that. I've got an old 2.0.36 patch that has it included
(along with a bunch of other stuff, like Solar Designer's security
patches) all wrapped up at
http://www.nmrc.org/files/sunix/nmrcOS.patch.tar.gz. The idea behind his
tweak was that only users in certain groups could do certain things with
sockets, and while Route had originally three different groups I just
combined them into one. This will break shit for normal users (like being
able to ping another host), but it does work.
BTW since someone will ask I will eventually create a 2.2.x version of
this patch now that Solar has ported his....
Simple Nomad //
thegnome
nmrc.org // ....no rest for the Wicca'd....
www.nmrc.org //
This archive was generated by hypermail 2.0b3 on Thu Oct 28 1999 - 14:02:11 CDT