
Is UTM 9 affected by CVE-2016-10229?

CVE-2016-10229 is a remotely executable Linux kernel vulnerability. I would like to know if UTM 9 is vulnerable (evidently some kernel configurations aren't as RHEL 7 isn't), and if so, when should we see an update remedying this?



This thread was automatically locked due to age.
  • Sean, if you have "Any" or "Internet" in 'Allowed Networks' for 'Shell Access', you will want to change that.  There should only be specific IPs that you control in that box.  I would also add a DNS Group for Sophos Support unless you're already on 9.411.  My clients also have my IPs and the "(User Network)" object for my user, allowing me to remote into their UTM to provide support.  Whether the stripped-down Linux on the UTM is vulnerable to this exploit should be a moot point.

    Cheers - Bob

  • BAlfson said:

    Sean, if you have "Any" or "Internet" in 'Allowed Networks' for 'Shell Access', you will want to change that.  There should only be specific IPs that you control in that box.  I would also add a DNS Group for Sophos Support unless you're already on 9.411.  My clients also have my IPs and the "(User Network)" object for my user, allowing me to remote into their UTM to provide support.  Whether the stripped-down Linux on the UTM is vulnerable to this exploit should be a moot point.

    Cheers - Bob


    Sorry, but your response is meaningless. This vulnerability has nothing to do with shell access, and everything to do with the Linux kernel IP stack. So, being a firewall/router whose purpose is to protect/service my network and its connection to the Internet, which is IP based, having an IP stack is necessary. As referenced in my OP, this vulnerability is exploited by specially crafted UDP packets which result in code execution:


    udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

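The CVE text quoted above pins the issue to the recv() path of udp.c with MSG_PEEK, which is a socket-API path: it is entered when a process on the box itself reads a UDP datagram with MSG_PEEK into a buffer shorter than the datagram, not when the box merely forwards UDP packets between interfaces. So the question for an appliance is which of its own services read UDP that way and what its kernel build does in that path. As an added example that is not part of this thread, the C program below exercises exactly that user-space pattern on the loopback interface: it peeks a 64-byte datagram with a 16-byte buffer, confirms the kernel flags the truncation, then consumes the datagram in full. The struct and function names and the constructed payload are this example's own; it assumes a POSIX system where recvmsg() sets MSG_TRUNC in msg_flags on a short read (Linux does). It does nothing exploitative; it is the probe you would run on a patched and an unpatched kernel to check that the second, consuming read still returns the datagram intact.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <unistd.h>

/* Outcome of one peek-then-consume exchange over loopback (names are this example's own). */
struct peek_result {
    int ok;              /* 1 if sockets came up and both recvmsg() calls succeeded */
    ssize_t peek_copied; /* bytes the MSG_PEEK call copied into the short buffer */
    int peek_truncated;  /* 1 if the kernel set MSG_TRUNC on the peek (datagram was longer) */
    ssize_t full_len;    /* bytes returned by the second, consuming recvmsg() */
    int payload_intact;  /* 1 if the consuming read returned exactly what was sent */
};

/* Receive one datagram into buf with the given flags; returns bytes copied or -1.
 * Reports through *truncated whether the datagram did not fit (msg_flags & MSG_TRUNC). */
static ssize_t recv_datagram(int fd, void *buf, size_t buf_len, int flags, int *truncated)
{
    struct iovec iov = { .iov_base = buf, .iov_len = buf_len };
    struct msghdr msg;
    ssize_t n;

    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    n = recvmsg(fd, &msg, flags);
    if (n >= 0 && truncated)
        *truncated = (msg.msg_flags & MSG_TRUNC) ? 1 : 0;
    return n;
}

/* Send payload to a loopback UDP socket, peek it with a peek_buf_len-byte buffer, then read it. */
struct peek_result peek_then_read(const char *payload, size_t len, size_t peek_buf_len)
{
    struct peek_result r;
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    struct timeval tv = { .tv_sec = 2, .tv_usec = 0 };
    char peek_buf[256], full_buf[512];
    int rx = -1, tx = -1;

    memset(&r, 0, sizeof r);
    if (peek_buf_len > sizeof peek_buf || len > sizeof full_buf)
        return r;

    rx = socket(AF_INET, SOCK_DGRAM, 0);
    tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx < 0 || tx < 0)
        goto out;

    /* Bind the receiver to an ephemeral loopback port and learn which port it got. */
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;
    if (bind(rx, (struct sockaddr *)&addr, alen) < 0 ||
        getsockname(rx, (struct sockaddr *)&addr, &alen) < 0)
        goto out;

    /* Do not hang if the datagram is somehow lost; loopback delivery is normally immediate. */
    setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    if (sendto(tx, payload, len, 0, (struct sockaddr *)&addr, alen) != (ssize_t)len)
        goto out;

    /* First call: MSG_PEEK with a short buffer. The datagram stays queued; the kernel copies
     * only peek_buf_len bytes and sets MSG_TRUNC if the datagram was longer than that. */
    r.peek_copied = recv_datagram(rx, peek_buf, peek_buf_len, MSG_PEEK, &r.peek_truncated);
    if (r.peek_copied < 0)
        goto out;

    /* Second call: consume the same queued datagram in full, so the kernel walks that skb again. */
    r.full_len = recv_datagram(rx, full_buf, sizeof full_buf, 0, NULL);
    if (r.full_len < 0)
        goto out;

    r.payload_intact = ((size_t)r.full_len == len && memcmp(full_buf, payload, len) == 0);
    r.ok = 1;
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return r;
}

/* Run the exchange with a constructed 64-byte datagram (not a real protocol payload) and a
 * peek buffer of peek_buf_len bytes. Returns 1 if the peek reported the expected truncation
 * flag and byte count and the consuming read returned the whole datagram intact. */
int check_peek(size_t peek_buf_len, int expect_truncated, ssize_t expect_copied)
{
    char payload[64];
    for (size_t i = 0; i < sizeof payload; i++)
        payload[i] = (char)('A' + i % 26);
    struct peek_result r = peek_then_read(payload, sizeof payload, peek_buf_len);
    return r.ok && r.peek_truncated == expect_truncated && r.peek_copied == expect_copied &&
           r.full_len == (ssize_t)sizeof payload && r.payload_intact;
}

int main(void)
{
    printf("16-byte peek of 64-byte datagram (truncated): %s\n", check_peek(16, 1, 16) ? "pass" : "fail");
    printf("128-byte peek of 64-byte datagram (whole):    %s\n", check_peek(128, 0, 64) ? "pass" : "fail");
    return 0;
}
```

The consuming read is the one that matters in practice: a daemon that sizes its buffer from a MSG_PEEK and then reads the datagram again is relying on the kernel handling the same skb correctly twice, which is the code path the CVE text describes.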