CVE-2017-6074

Evg33

Can you fix CVE-2017-6074 in pve-kernel?

security-tracker.debian.org/tracker/CVE-2017-6074

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6074
 
You may work around this CVE for now by overwriting the DCCP module with /bin/false in /etc/modprobe.d, e.g.:
Code:
echo "install dccp /bin/false" > /etc/modprobe.d/blacklist-dccp.conf

This needs no reboot, IF the module wasn't loaded already.
Check if the module is in use with:
Code:
lsmod | grep dccp
Once loaded implicitly by a process on the system opening a DCCP socket, the module cannot be unloaded, even when forcing an unload.
If such a situation happened, I advise using the above method to disable it and then rebooting.

Note that blacklisting also works, but then the module could be loaded by hand or by other non-blacklisted modules; the above approach results in the module never ever being loaded.
For such a blacklist approach, blacklist at least the following: dccp dccp_diag dccp_ipv4 dccp_ipv6 dccp_probe

We're working on releasing the fix.
 
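A check for the workaround discussed in this thread, as an added example that is not part of the original posts: it reports whether the `install dccp /bin/false` rule is present, whether only the weaker blacklist is in place, and whether a DCCP module is already loaded (the case where a reboot is advised). The function names and the optional directory and module-list arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the DCCP workaround from the post above.
# Defaults (/etc/modprobe.d, /proc/modules) can be overridden for testing.
DCCP_MODULES="dccp dccp_diag dccp_ipv4 dccp_ipv6 dccp_probe"

# Prints "disabled" (install rule present), "blacklist-only" or "unprotected".
dccp_config_state() {
    dir=${1:-/etc/modprobe.d}
    if grep -Eqs '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/false[[:space:]]*$' "$dir"/*.conf; then
        echo disabled
    elif grep -Eqs '^[[:space:]]*blacklist[[:space:]]+dccp[[:space:]]*$' "$dir"/*.conf; then
        echo blacklist-only
    else
        echo unprotected
    fi
}

# Prints the modules from the post's list that have no "blacklist" line.
dccp_missing_blacklist() {
    dir=${1:-/etc/modprobe.d}
    for m in $DCCP_MODULES; do
        grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${m}[[:space:]]*\$" "$dir"/*.conf || echo "$m"
    done
}

# Prints currently loaded DCCP modules (first field of /proc/modules, as lsmod shows).
dccp_loaded() {
    awk '$1 == "dccp" || $1 ~ /^dccp_/ { print $1 }' "${1:-/proc/modules}"
}

# One-line verdict. Returns 0 = mitigated, 1 = config too weak, 2 = module already loaded.
dccp_audit() {
    state=$(dccp_config_state "$1")
    loaded=$(dccp_loaded "$2" | tr '\n' ' ')
    if [ -n "$loaded" ]; then
        echo "LOADED: ${loaded}(config: $state) - add the install rule, then reboot"
        return 2
    fi
    case $state in
        disabled) echo "OK: every dccp load attempt runs /bin/false" ;;
        blacklist-only)
            echo "WEAK: blacklist only; not blacklisted: $(dccp_missing_blacklist "$1" | tr '\n' ' ')"
            return 1 ;;
        *) echo "UNPROTECTED: no dccp rule found"; return 1 ;;
    esac
}
# Usage: source this file, then run: dccp_audit
```
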