VPN Leak CVE-2019-14899 is it in Sfos?
asked 2019-12-09 17:09:31 +0200
Hello all,
as some people already noticed recently would be a leak in Linux spotted by the VPN Interface.
https://seclists.org/oss-sec/2019/q4/122
https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/
2nd link explain more clearly:
"The researchers discovered that most of the Linux distros they tested were vulnerable to attacks exploiting this flaw. They also found that all distros that use systemd versions released after November 28, 2018, that come with Reverse Path filtering switched from Strict mode to Loose mode, are vulnerable."
I think for the best, should jolla check the config by all devices and close this thread, or fix it.
Have a nice sails.
Cheers
Based on
Mohjive ( 2019-12-09 18:35:45 +0200 )editcat /proc/sys/net/ipv4/conf/*/rp_filteronly returning '1' (strict) for all interfaces but lo (which has 0 = no check) I'd say Sailfish (3.2.0.14) isn't affected.But then I don't have VPN, so I don't know what setting that interface will have.
Mohjive ( 2019-12-09 18:36:55 +0200 )editI don't really understand what is the current solution until the fix. If it should be in strict or loose mode. In the link i've provided seems that it should be in loose mode (=2).... The paragraph on rp_filter is for me not so clear.
cemoi71 ( 2019-12-09 18:51:06 +0200 )editNo, it should be strict(1) for security : "Current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended.". (https://linuxreviews.org/Systemd_Opened_Security_Hole_In_Linux,_VPNs_Could_Be_Compromised)
Mohjive ( 2019-12-09 19:04:05 +0200 )editcorrect i've seen it too. thx ;-)
cemoi71 ( 2019-12-09 19:09:43 +0200 )edit