Ask / Submit
36

Jolla is vulnerable to double direct ICMP spoofing

asked 2015-01-21 02:11:29 +0300

Tomasz gravatar image

updated 2015-01-21 12:23:31 +0300

misc11 gravatar image

The first notification is at, but I can not open it: https://together.jolla.com/question/65928/is-jolla-vulnerable-to-double-direct-icmp-spoofing/

At that time there was no vulnerability, but there is now (1.1.1.27, Vaarainjärvi):

[root@Jolla nemo]# cat /proc/sys/net/ipv4/conf/all/accept_redirects
1

For more information: http://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/

I can ask for a fix it?

edit retag flag offensive close delete

Comments

BUMP this is important!

misc11 ( 2015-01-21 12:22:46 +0300 )edit

1 Answer

Sort by » oldest newest most voted
13

answered 2015-01-21 13:53:54 +0300

tigeli gravatar image

updated 2015-01-27 15:33:12 +0300

Will look into this..

EDIT: Yes, on IPv4 the accept_redirects has value of 'true' but then again secure_redirects has also value of 'true' which means that the redirects are only accepted from the gateways defined in the routing table. However for IPv6 there is no secure_redirects therefore we will disable all icmp redirects completely on a future release for both IPv4 and IPv6.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools

Follow
3 followers

Stats

Asked: 2015-01-21 02:11:29 +0300

Seen: 950 times

Last updated: Jan 27 '15