Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Wed, 21 Apr 2004 20:06:24 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: Linux 2.4.26-ow1, 2.0.40-ow1; new Owl ISO; Owl 1.1-stable

Hi Steve,

On Wed, Apr 21, 2004 at 10:25:07AM -0500, Steve Bremer wrote:
> In response to Tomasz's question, I don't see anything that would
> prevent this vulnerability in the Openwall Linux kernel patch.

Correct.

> However,
> and I'm still trying to find an answer to this myself, it may be that a
> kernel that is compiled without CONFIG_IP_MULTICAST is not vulnerable. 

Unfortunately, it does not appear so.

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux