Security: ChromeOS accepts ICMP redirects
Reported by
eternalg...@gmail.com,
Mar 28 2016
Issue description

VULNERABILITY DETAILS
ChromeOS accepts ICMP redirects. ICMP redirects are not needed for Chromebooks. They are laptops, not servers/routers. Accepting ICMP redirects can alter the routing table; this can be used by a malicious hacker to get access to sensitive information.

VERSION
ChromeOS Version: Current Stable
Operating System: ChromeOS

REPRODUCTION CASE
An attacker sends a malicious ICMP redirect, the Chromebook accepts it and alters its routing table, therefore the attacker can now manipulate the Chromebook's routing. This can be used for MITM attacks etc.

MITIGATION
Execute the following command:

    /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

Or set the following to 0 in /etc/sysctl.conf:

    net.ipv4.conf.all.accept_redirects = 0
    net.ipv6.conf.all.accept_redirects = 0
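A caveat on the mitigation above, as an added example that is not from the issue or from Chromium OS: for IPv4 the kernel combines conf/all with the per-interface value, using OR when forwarding is disabled on the interface and AND when it is enabled, so on a non-forwarding laptop writing 0 to conf/all alone leaves an interface whose own value is 1 accepting redirects. The function names, the interface wlan0 and the sample tree are constructed for illustration; pass /proc/sys as ROOT on a live host.

```sh
#!/bin/sh
# Added example (not Chromium OS code): effective IPv4 accept_redirects per interface.
# Kernel rule: forwarding on  -> accepted only if conf/all AND conf/<if> are 1
#              forwarding off -> accepted if conf/all OR conf/<if> is 1

# effective_redirects ROOT IFACE -> prints 1 (redirects accepted) or 0 (ignored)
effective_redirects() {
    conf="$1/net/ipv4/conf"
    all=$(cat "$conf/all/accept_redirects")
    ifv=$(cat "$conf/$2/accept_redirects")
    fwd=$(cat "$conf/$2/forwarding")
    if [ "$fwd" = 1 ]; then
        if [ "$all" = 1 ] && [ "$ifv" = 1 ]; then echo 1; else echo 0; fi
    else
        if [ "$all" = 1 ] || [ "$ifv" = 1 ]; then echo 1; else echo 0; fi
    fi
}

# audit_redirects ROOT -> prints each interface that still accepts redirects
audit_redirects() {
    for d in "$1"/net/ipv4/conf/*/; do
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        if [ "$(effective_redirects "$1" "$ifc")" = 1 ]; then echo "$ifc"; fi
    done
    return 0
}

# make_sample DIR ALL IFVAL FWD -> constructed stand-in for /proc/sys
# with a single hypothetical interface "wlan0"
make_sample() {
    mkdir -p "$1/net/ipv4/conf/all" "$1/net/ipv4/conf/default" "$1/net/ipv4/conf/wlan0"
    echo "$2" > "$1/net/ipv4/conf/all/accept_redirects"
    echo "$3" > "$1/net/ipv4/conf/wlan0/accept_redirects"
    echo "$4" > "$1/net/ipv4/conf/wlan0/forwarding"
}

# Constructed case: conf/all set to 0 as in the report, wlan0 left at 1, forwarding off.
tmp=$(mktemp -d)
make_sample "$tmp" 0 1 0
echo "interfaces still accepting redirects: $(audit_redirects "$tmp")"
rm -rf "$tmp"
```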
,
Mar 28 2016
If this will be fixed then you should consider mitigating SMURF attacks too. You can do that by setting "net.ipv4.icmp_echo_ignore_broadcasts = 0" in /etc/sysctl.conf. Kind Regards, Jordy Zomer
,
Mar 28 2016
Those both seem like worthwhile things to fix, assuming we haven't intentionally enabled them for some reason. Relatedly, see b/19977811 (Googlers only, sorry). vapier/smbarber: Looks like you two were last to touch chromiumos-overlay/chromeos-base/chromeos-base. Can one of you look into this?
,
Mar 28 2016
This was already fixed about a month ago via b/27219551: https://chromium-review.googlesource.com/327598
,
Mar 28 2016
How about the smurf attack, has that been mitigated? Kind Regards, Jordy Zomer
,
Mar 28 2016
Yeah, redirects were fixed. Jordy: Feel free to open a new bug and cc me for comment #2, closing this one since original issue has been resolved.
,
Mar 28 2016
,
Mar 28 2016
Oh, I missed b/27219551 / CL 327598. Thanks! It looks like the CL for b/19977811 was more comprehensive (e.g., it also addressed the concern about SMURF attacks from Comment 2 above). Should we consider making that the default on CrOS?
,
Mar 28 2016
Issue 598370 has been merged into this issue.
,
Mar 28 2016
,
Mar 28 2016
Since Will duped the bug I explicitly asked to be opened, I presume he wants to own this side of it.
,
Jun 10 2016
It looks like this was done. The c#2 setting is already there in https://cs.corp.google.com/chromeos_public/src/third_party/chromiumos-overlay/chromeos-base/chromeos-base/files/00-sysctl.conf?rcl=f45b399ee91b03e9ea8f17b7164b382479c11f1a&l=46. Closing.
,
Jun 11 2016
,
Jun 11 2016
Thank you for informing me, glad it got fixed. Kind Regards, Jordy Zomer
,
Jul 1 2016
,
Aug 29 2016
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by wfh@chromium.org, Mar 28 2016
Components: Internals>Network
Labels: Security_Severity-Low Security_Impact-Stable OS-Chrome Pri-2
Owner: mdempsky@chromium.org
Status: Assigned (was: Unconfirmed)