Bug 457730 - linux-igd: linux-igd does not restrict itself to the internal interface
linux-igd: linux-igd does not restrict itself to the internal interface
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: linux-igd (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: MASA.H
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-04 06:42 EDT by Jan Lieskovsky
Modified: 2008-09-11 13:09 EDT (History)
1 user (show)

See Also:
Fixed In Version: linux-igd-1.0-7.fc10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-11 13:03:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (1.66 KB, patch)
2008-08-04 06:42 EDT, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2008-08-04 06:42:20 EDT
Created attachment 313345 [details]
Proposed patch

Description of problem:

linux-igd listens for UDP mutlicast packets but does not restrict
itself to just the internal interface (which has to be specified in
any case), thereby opening itself to possible external requests for
port forwarding.   In many cases this would be blocked by firewalling
rules on the same machine as the daemon, so would not be any issue
there.

This can be fixed with a simple bind() or SO_BINDTODEVICE as in the
attached patch.  Note that this patch is against the latest CVS

Version-Release number of selected component (if applicable):

How reproducible:
No reproducer
 
Actual results:
linux-igd listens for UDP mutlicast packets but does not restrict
itself to just the internal interface (which has to be specified in
any case), thereby opening itself to possible external requests for
port forwarding.

Expected results:
linux-igd restrict itself to just the internal interface.

Additional info -- public mention of this issue: 

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+441082
Comment 1 MASA.H 2008-08-04 11:20:00 EDT
I accepted your patch.Thanks for report.
Comment 2 Fedora Update System 2008-08-04 11:52:01 EDT
linux-igd-1.0-5.fc8 has been submitted as an update for Fedora 8
Comment 3 Fedora Update System 2008-08-04 12:06:16 EDT
linux-igd-1.0-6.fc9 has been submitted as an update for Fedora 9
Comment 4 Fedora Update System 2008-08-07 19:49:36 EDT
linux-igd-1.0-5.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update linux-igd'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-6997
Comment 5 Fedora Update System 2008-08-07 19:56:35 EDT
linux-igd-1.0-6.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update linux-igd'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-7091
Comment 6 Fedora Update System 2008-09-11 13:03:44 EDT
linux-igd-1.0-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-09-11 13:09:49 EDT
linux-igd-1.0-6.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.