[19491] in bugtraq
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
daemon@ATHENA.MIT.EDU (MaD dUCK)
Tue Mar 6 00:00:11 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010305195042.A12028@madduck.net>
Date: Mon, 5 Mar 2001 19:50:42 -0500
Reply-To: MaD dUCK <madduck@MADDUCK.NET>
From: MaD dUCK <madduck@MADDUCK.NET>
X-To: Kyle Sparger <ksparger@DIALTONEINTERNET.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10103051704230.25424-100000@kyle>; from
"ksparger@DIALTONEINTERNET.NET" on Mon, Mar 05, 2001 at 06:03:04PM
also sprach Kyle Sparger (on Mon, 05 Mar 2001 06:03:04PM -0500):
> This information is incorrect; Linux does 'suffer' from this in at least
> version 2.2. I believe it also 'suffers' from this in 2.4. It's easy
> enough to replicate. For example, on ethernet, just assign a static
> MAC address for the IP in question for the server in question, and you'll
> get access to the appropriate interface.
2.2 is vulnerable, but 2.4 is not. as far as i can tell, 2.4 systems
don't even have a localhost routing entry anymore.
martin
[greetings from the heart of the sun]# echo madduck@!#:1:s@\@@@.net
--
your fly might be open (but don't check it just now).
