[19517] in bugtraq
Re: Loopback and multi-homed routing flaw in TCP/IP stack.
daemon@ATHENA.MIT.EDU (Kurt Seifried)
Tue Mar 6 17:05:03 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <006c01c0a5fd$6caf2360$3200030a@seifried.org>
Date: Mon, 5 Mar 2001 22:22:22 -0700
Reply-To: Kurt Seifried <bugtraq@SEIFRIED.ORG>
From: Kurt Seifried <bugtraq@SEIFRIED.ORG>
X-To: MaD dUCK <madduck@MADDUCK.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
> 2.2 is vulnerable, but 2.4 is not. as far as i can tell, 2.4 systems
> don't even have a localhost routing entry anymore.
>
> martin
Huh?
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16128 Metric:1
RX packets:46 errors:0 dropped:0 overruns:0 frame:0
TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
[root@stench /root]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.3.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.3.0.1 0.0.0.0 UG 0 0 0 eth0
[root@stench /root]# uname -a
Linux stench.seifried.org 2.4.0-0.26 #1 Fri Aug 25 08:31:55 EDT 2000 i686
unknown
It does in older 2.4.0's, haven't tried 2.4.1/2.4.2 however.
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
