Package: procps Version: 2:3.3.15-2 Severity: important Tags: ipv6 security
Dear maintainers, on a fresh Debian stable (or sid) install, with a PC with one or more (wired) LAN interfaces, I can see following behaviour: a) In /etc/sysctl.conf, set net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 b) Reboot c) Check the values in /proc - some interfaces are still 1 (some real interfaces, not just loopback). While nowadays, it's not a "big" security risk for most people, this still is an undesireable security problem, and might hint for a larger problem around sysctl settings in IPv6. For IPv4, everything seems to work fine (except loopback stays 1 there too, but that's expected I think). Thank you -- System Information: Debian Release: 10.5 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-10-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages procps depends on: ii init-system-helpers 1.56+nmu1 ii libc6 2.28-10 ii libncurses6 6.1+20181013-2+deb10u2 ii libncursesw6 6.1+20181013-2+deb10u2 ii libprocps7 2:3.3.15-2 ii libtinfo6 6.1+20181013-2+deb10u2 ii lsb-base 10.2019051400 Versions of packages procps recommends: pn psmisc <none> procps suggests no packages. -- no debconf information
