LinuxQuestions.org
Old 08-13-2016, 06:03 PM   #1
charly78
Member
 
Registered: Aug 2012
Location: Toronto,Canada
Posts: 73

Rep: Reputation: Disabled
net.ipv4.conf.all.mc_forwarding CVE-2016-5696


Recent exploit patching: I am having some trouble, and my question is how can I change the value of

Code:
# echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >>/etc/sysctl.conf;sysctl -p
sysctl: permission denied on key 'net.ipv4.tcp_challenge_ack_limit'

http://cve.mitre.org/cgi-bin/cvename...=CVE-2016-5696

For Debian users
https://security-tracker.debian.org/.../CVE-2016-5696


I used nano to edit but when I try to load the configuration file in /etc/sysctl.conf

Code:
sysctl -p
sysctl: permission denied on key 'net.ipv4.tcp_challenge_ack_limit'

I rebooted. I am not sure how to check if it has taken the configuration. How do I check, and how do I make it take the change?
 
Old 08-13-2016, 06:11 PM   #2
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Try this (no spaces):
Code:
sysctl -w net.ipv4.tcp_challenge_ack_limit=999999999
 
Old 08-13-2016, 08:50 PM   #3
charly78
Member
 
Registered: Aug 2012
Location: Toronto,Canada
Posts: 73

Original Poster
Rep: Reputation: Disabled
Code:
~# sysctl -w net.ipv4.tcp_challenge_ack_limit=999999999
sysctl: permission denied on key 'net.ipv4.tcp_challenge_ack_limit'
 
Old 08-13-2016, 08:54 PM   #4
charly78
Member
 
Registered: Aug 2012
Location: Toronto,Canada
Posts: 73

Original Poster
Rep: Reputation: Disabled
Oh wait, hang on a second... I forgot this is actually OpenVZ. Urg, I guess I need to do this on the main metal hardware part...
 
Old 08-13-2016, 08:57 PM   #5
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Is this a hardened box?
 
Old 08-13-2016, 09:00 PM   #6
charly78
Member
 
Registered: Aug 2012
Location: Toronto,Canada
Posts: 73

Original Poster
Rep: Reputation: Disabled
OK, on the hardware node it looks like it took. Thanks for your help. I forgot it was an OpenVZ container.

Code:
# echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >>/etc/sysctl.conf;sysctl -p
kernel.sysrq = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.tcp_challenge_ack_limit = 999999999
 
Old 08-13-2016, 09:10 PM   #7
charly78
Member
 
Registered: Aug 2012
Location: Toronto,Canada
Posts: 73

Original Poster
Rep: Reputation: Disabled
Maybe you could be more specific?


Quote:
Originally Posted by Emerson
Is this a hardened box?
 
Old 08-15-2016, 12:15 PM   #8
ihaveavirus
LQ Newbie
 
Registered: Jul 2016
Distribution: RHEL
Posts: 22

Rep: Reputation: Disabled
Quote:
Originally Posted by charly78
maybe you could be more specific?

I think the poster was asking if the system had been locked down (reducing common security risks), since you were receiving permission denied errors. Also, it's best practice to test kernel parameter changes in the runtime environment first, before committing them to the system.
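
An added example, not written by any poster in this thread: one way to answer the question from post #1 (did the setting take?) and to tell the OpenVZ container case from an ordinary failure. The `PROC_ROOT` and `CONF` overrides, the function names and the status words are assumptions made for this sketch; the `/proc/vz` without `/proc/bc` test is a common heuristic for detecting an OpenVZ container, not an official interface.

```shell
#!/bin/sh
# Added example, not from the thread. PROC_ROOT and CONF are hypothetical
# overrides so the checks can be exercised against constructed files.
KEY=net.ipv4.tcp_challenge_ack_limit

# Value the running kernel is using; fails if the kernel does not expose the key.
runtime_value() {
    f="${PROC_ROOT:-/proc}/sys/$(printf '%s' "$KEY" | tr . /)"
    [ -r "$f" ] || return 1
    tr -d ' \t\n' < "$f"
}

# Value persisted in sysctl.conf (last assignment wins, comment lines ignored).
persisted_value() {
    awk -F= -v k="$KEY" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $2; gsub(/[ \t]/, "", v) }
        END { print v }' "${CONF:-/etc/sysctl.conf}" 2>/dev/null
}

# Heuristic: an OpenVZ container has /proc/vz but not /proc/bc;
# the hardware node has both.
in_openvz_container() {
    [ -d "${PROC_ROOT:-/proc}/vz" ] && [ ! -d "${PROC_ROOT:-/proc}/bc" ]
}

# Print one status word for the wanted value:
#   missing       kernel does not expose the key
#   container     value differs and this is an OpenVZ container (set it on the node)
#   not-applied   value differs on a normal host
#   runtime-only  running value matches but sysctl.conf would not restore it
#   applied       running value and sysctl.conf both match
check_limit() {
    want=$1
    if ! cur=$(runtime_value); then echo missing; return; fi
    if [ "$cur" != "$want" ]; then
        if in_openvz_container; then echo container; else echo not-applied; fi
        return
    fi
    p=$(persisted_value) || p=
    if [ "$p" = "$want" ]; then echo applied; else echo runtime-only; fi
}

# Usage: sh check_limit.sh 999999999
if [ $# -gt 0 ]; then check_limit "$1"; fi
```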
 
  

