On Thu 09 Mar 2017 02:24:01 PM CST, berndgsflinux wrote:

Hi Malcom,

i still have some systems with SLES 10 SP4. It seems that DCCP is
implemented as a kernel module:


Code:
--------------------
pc53200:/var/lib/mysql/backup # zgrep -i dccp /proc/config.gz
CONFIG_NETFILTER_XT_MATCH_DCCP=m
# DCCP Configuration (EXPERIMENTAL)
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
# DCCP CCIDs Configuration (EXPERIMENTAL)
CONFIG_IP_DCCP_CCID3=m
CONFIG_IP_DCCP_TFRC_LIB=m
# DCCP Kernel Hacking
# CONFIG_IP_DCCP_DEBUG is not set
# CONFIG_IP_DCCP_UNLOAD_HACK is not set

pc53200:/var/lib/mysql/backup # lsmod|grep -i dccp
pc53200:/var/lib/mysql/backup #
--------------------


Does that mean that i'm not vulnerable ?

If i understand
https://en.wikipedia.org/wiki/Datagr...ntrol_Protocol
correctly, it does not use neither tcp nor udp. So it can't be visible
with netstat ?

Executing the other steps you mentioned does not give any hint to dccp.

Bernd


Hi
So if you try modprobe dccp does it appear in the output of lsmod? I'm
guessing yes (since it's configured as a loadable module), so unless an
admin loads it, it won't get used...

So, you could blacklist it, or setup a cron job to check and delete the
module(s) if there;

Code:
ls /lib/modules/`uname -r`/kernel/net/dccp

--
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!