On Tue, Apr 28, 2009 at 6:31 PM, andrew.wallace <andrew.wallace@rocketmail.com> wrote:
Why are you aligning yourself with a computer hacker? I thought you were trying to stop these guys releasing exploits in your line of work?
it didn't look like he did (to me)
On Tue, Apr 28, 2009 at 3:10 PM, Gadi Evron <ge@linuxbox.org> wrote:
This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations.
hrm, in reality a bunch of non-router vulnerabilities affect (to some extent anyway) network operations.
Sometimes news finds us in mysterious yet obvious ways.
HD Moore (respected security researcher) set a status which I noticed on my twitter:
@hdmoore reading through sctp_houdini.c - one-shot remote linux kernel root - http://kernelbof.blogspot.com/
I asked him about it on IM, wondering if it is real: "looks like that but requires a sctp app to be running"
one good thing, practically no sctp deployment... and, hopefully for networking equipment there's already local firewall/acl capability deployed. That said there are a few 'network devices' which are linux based (not just Vyatta! :) )

  o Cisco Guards
  o Arbor Peakflow (at least the X version)
  o some-route-optimization systems
  o dns/mail/ntp/blah widgets

It's nice to get some notice of this, it's also nice it got fixed in later kernels (who knows what kernel Peakflow-X has deployed or what custom mods happen to it?)

Quickly searching <favorite search engine> shows quite a few SCTP/Linux problems reported over at least the last 2.5 years. The one mentioned here seems to be: CVE-2009-0065 reported Jan 5th 2009, only redhat reports back a fix so far (according to mitre).

Putting on my Paul Quinn/Roland Dobbins/Darrel Lewis hat - another good argument for infrastructure acls!! :)

-chris
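
An added example, not part of the original thread: a triage check for the condition quoted above ("requires a sctp app to be running"), reporting whether a Linux-based appliance has SCTP in its kernel and whether any application has an SCTP endpoint open. It assumes the standard Linux /proc layout (/proc/modules, /proc/net/sctp/eps); the function names and verdict strings are illustrative.

```shell
#!/bin/sh
# Added example: SCTP exposure triage for a Linux-based device.
# File paths are parameters so the checks can also be run against
# copies of the files pulled from an appliance.

# True if the sctp kernel module is loaded.
# $1 = modules file (default /proc/modules)
sctp_module_loaded() {
    grep -q '^sctp ' "${1:-/proc/modules}" 2>/dev/null
}

# Print the number of SCTP endpoints, i.e. sockets opened by applications.
# $1 = endpoints file (default /proc/net/sctp/eps); its first line is a header.
sctp_endpoint_count() {
    f="${1:-/proc/net/sctp/eps}"
    [ -r "$f" ] || { echo 0; return 0; }
    awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$f"
}

# Print one verdict:
#   listening:N  an application has N SCTP endpoints open
#   loaded-idle  SCTP is in the running kernel (module or built in), no endpoints
#   not-loaded   no sign of SCTP in the running kernel
# $1 = modules file, $2 = endpoints file (both optional)
sctp_exposure() {
    n=$(sctp_endpoint_count "${2:-}")
    if [ "$n" -gt 0 ]; then
        echo "listening:$n"
    elif sctp_module_loaded "${1:-}" || [ -r "${2:-/proc/net/sctp/eps}" ]; then
        echo "loaded-idle"
    else
        echo "not-loaded"
    fi
}

# Report on the local host.
sctp_exposure
```

A "listening" verdict marks the boxes to put behind an infrastructure ACL for IP protocol 132 (SCTP) first; "loaded-idle" boxes can usually have the module unloaded or blacklisted.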