Re: [Masq] ip_masq_irc vulnerability

Mon, 06 Aug 2001 22:39:48 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Matilainen wrote:

> Can I install it to 2.2.16-22 kernel?

i don't know. possibly. try it. if it fails, patch it by hand.

> Ok, another question, where I should I put the
> 01-ip_masq_irc-2.2.19-dcc_check-3.diff file? Any other I should do for the
> patch to work? Thanks.
> ----- Original Message -----
> From: "raf" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, August 06, 2001 11:54 AM
> Subject: [Masq] ip_masq_irc vulnerability
> 
> > a note to those using the ip_masq_irc module.
> >
> > > *** {01.31.023} Linux - Linux kernel IRC/DCC masquerading helper
> > >                 vulnerability
> > >
> > > A bug was found in the various IRC DCC/CTCP masquerading helper modules
> > > shipped with the various Linux kernels. It's possible for a remote
> > > attacker/Web site to open arbitrary ports on a masquerading Linux
> > > firewall by "spoofing" the DCC/CTCP connect commands. This results
> > > in the IRC helper module processing the commands and opening ports
> > > in an effort to allow the incoming DCC/CTCP session.
> > >
> > > This vulnerability has been confirmed. A patch is available at:
> > > http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
> > >
> > > Source: SecurityFocus Bugtraq
> > > http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html
> > > http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
> >
> > raf

it looks like it should go in /usr/src assuming that
your kernel sources are in /usr/src/linux.
if you don't know how to use patch, read the patch(1) manpage.

it'll be something like:

  mv 01-ip_masq_irc-2.2.19-dcc_check-3.diff /usr/src
  cd /usr/src
  patch -p0 < 01-ip_masq_irc-2.2.19-dcc_check-3.diff

and then recompile and install modules.

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to