milliways-infosec/dirtyfrag
5
0
Fork 0
mirror of https://github.com/V4bel/dirtyfrag.git synced 2026-05-16 10:50:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updates to limit problems with partial mitigation

Browse source
This commit is contained in:
Vijay Sarvepalli 2026-05-08 16:26:15 -04:00
parent 07995be9d9
commit 31a703691b
No known key found for this signature in database
GPG key ID: 9B04521A65892579
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -65,6 +65,18 @@ This Dirty Frag has been tested on the following distribution versions.
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true" sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
``` ```
Note: removing `esp4` and `esp6` will likely break IPsec/ESP VPN connectivity
for systems using IPsec (for example, strongSwan-based gateways).
On such systems, a temporary partial mitigation may be to disable only
`rxrpc`, which removes one exploit path used by the published chained
exploit while preserving IPsec functionality. This is not considered a
complete mitigation.
```bash
sh -c "printf 'install rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod rxrpc 2>/dev/null; echo 3 > /proc/sys/vm/drop_caches; true"
```
2. Once each distribution backports a patch, update accordingly. 2. Once each distribution backports a patch, update accordingly.
# FAQ # FAQ