On Tue, Apr 28, 2009 at 6:31 PM, andrew.wallace <andrew.wall...@rocketmail.com> wrote: > Why are you alining yourself with a computer hacker? I thought you > were trying to stop these guys releasing exploits in your line of > work?
it didn't look like he did (to me) > On Tue, Apr 28, 2009 at 3:10 PM, Gadi Evron <g...@linuxbox.org> wrote: >> This is one of them mysterious and rare cases where a non router OS >> vulnerability may affect network operations. >> hrm, in reality a bunch of non-router vulnerabilities affect (to some extent anyway) network operations. >> Sometimes news finds us in mysterious yet obvious ways. >> >> HD Moore (respected security researcher) set a status which I noticed on my >> twitter: >> >> @hdmoore reading through sctp_houdini.c - one-shot remote linux kernel >> root - http://kernelbof.blogspot.com/ >> >> I asked him about it on IM, wondering if it is real: >> "looks like that >> but requires a sctp app to be running" one good thing, practically no sctp deployment... and, hopefully for networking equipment there's already local firewall/acl capability deployed. That said there are a few 'network devices' which are linux based (not just Vyatta! :) ) o Cisco Guards o Arbor Peakflow (at least the X version) o some-route-optmization systems o dns/mail/ntp/blah widgets It's nice to get some notice of this, it's also nice it got fixed in later kernels (who knows what kernel Peakflow-X has deployed or what custom mods happen to it?) Quickly searching <favorite search engine> shows quite a few SCTP/Linux problems reported over at least the last 2.5 years. The one mentioned here seems to be: CVE-2009-0065 reported Jan 5th 2009, only redhat reports back a fix so far (according to mitre). Putting on my Paul Quinn/Roland Dobbins/Darrel Lewis hat - another good argument for infrastructure acls!! :) -chris
