For CVE-2017-6074, I want to check if DCCP protocol is enabled in my system.
As per the information available at https://www.suse.com/support/kb/doc/?id=7018645, DCCP protocol does not get installed in SLES 11 by default.
But how can I confirm this?
Hi
Do you have the ‘extra’ module repository active?
Check for a blacklist entry in /etc/modprobe.d/
fgrep -r "dccp" /etc/modprobe.d/*
Check with netstat for the dccp ports from the output of;
cat /etc/services |grep dccp
Search with zypper for dccp, if it’s installed, then remove and add a
lock with zypper.
zypper se dccp
zypper rm <package_name>
zypper al <package_name>
Finally add a blacklist entry in /etc/modprobe.d/99-local.conf and run
mkinitrd.
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
[QUOTE=malcolmlewis;36743]Hi
Do you have the ‘extra’ module repository active?
NO
Check for a blacklist entry in /etc/modprobe.d/
fgrep -r "dccp" /etc/modprobe.d/*
NO Output
Check with netstat for the dccp ports from the output of;
cat /etc/services |grep dccp
No ports are open.
Search with zypper for dccp, if it’s installed, then remove and add a
lock with zypper.
zypper se dccp
zypper rm <package_name>
zypper al <package_name>
No output for “zypper se dccp”
Finally add a blacklist entry in /etc/modprobe.d/99-local.conf and run
mkinitrd.
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks![/QUOTE]
Thanks for your help.
Hi Malcom,
i still have some systems with SLES 10 SP4. It seems that DCCP is implemented as a kernel module:
[CODE]pc53200:/var/lib/mysql/backup # zgrep -i dccp /proc/config.gz
CONFIG_NETFILTER_XT_MATCH_DCCP=m
DCCP Configuration (EXPERIMENTAL)
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
DCCP CCIDs Configuration (EXPERIMENTAL)
CONFIG_IP_DCCP_CCID3=m
CONFIG_IP_DCCP_TFRC_LIB=m
DCCP Kernel Hacking
CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_DCCP_UNLOAD_HACK is not set
pc53200:/var/lib/mysql/backup # lsmod|grep -i dccp
pc53200:/var/lib/mysql/backup #[/CODE]
Does that mean that i’m not vulnerable ?
If i understand https://en.wikipedia.org/wiki/Datagram_Congestion_Control_Protocol correctly, it does not use neither tcp nor udp. So it can’t be visible with netstat ?
Executing the other steps you mentioned does not give any hint to dccp.
Bernd
Hi
So if you try modprobe dccp does it appear in the output of lsmod? I’m
guessing yes (since it’s configured as a loadable module), so unless an
admin loads it, it won’t get used…
So, you could blacklist it, or setup a cron job to check and delete the
module(s) if there;
ls /lib/modules/`uname -r`/kernel/net/dccp
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!