FreeBSD ipfw and ip6fw Access Restriction Bypass Vulnerability


Vulnerability ID: 1106183
Vulnerability type: Unknown
Published: 2001-01-23
Updated: 2005-05-02
CVE ID: CVE-2001-0183
CNNVD-ID: CNNVD-200103-103
Platform: FreeBSD
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/20593
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200103-103
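|Vulnerability details
ipfw and ip6fw in FreeBSD 4.2 and earlier contain a vulnerability. A remote attacker can bypass access restrictions by setting the ECE flag in a TCP packet, which causes the packet to be treated as part of an established connection.
|Exploit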
source: www.securityfocus.com/bid/2293/info

There exists a serious vulnerability in FreeBSD's implementation of packet filtering for IPv4 and IPv6.

The vulnerability exists in situations where a filtering rule permits packets through if they are part of an established connection.

It is possible for packets that are not part of an established connection to be allowed through. These packets must have the ECE flag set, which is in the TCP reserved options field.

Exploitation of this vulnerability may allow for unauthorized remote access to otherwise protected services. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20593.tgz
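
A filter-side check for the condition described above, as an added example that is not code from FreeBSD, the advisory or the original page: it parses constructed IPv4/TCP headers and treats a segment as established only when ACK or RST is set (the documented meaning of ipfw's `established` keyword), so ECE alone never qualifies. The function names, verdict values and sample packets are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10
#define TH_ECE 0x40   /* ECN-Echo, the flag named in the description above */

/* Hypothetical verdicts for this example. */
enum verdict { V_NOT_TCP = -1, V_NEW = 0, V_ESTABLISHED = 1, V_NEW_ECE = 2 };

/* Classify a raw IPv4 packet; "established" requires ACK or RST, never ECE. */
enum verdict classify(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return V_NOT_TCP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;          /* IP header length */
    if (ihl < 20 || pkt[9] != 6) return V_NOT_TCP;     /* protocol 6 = TCP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)        /* later fragment: */
        return V_NOT_TCP;                              /* no TCP header   */
    if (len < ihl + 14) return V_NOT_TCP;              /* flags truncated */
    uint8_t flags = pkt[ihl + 13];
    if (flags & (TH_ACK | TH_RST)) return V_ESTABLISHED;
    return (flags & TH_ECE) ? V_NEW_ECE : V_NEW;       /* ECE: log, don't pass */
}

/* Build a constructed sample packet (zeroed except the fields read above). */
size_t make_pkt(uint8_t *buf, uint8_t ihl_words, uint8_t tcp_flags)
{
    size_t ihl = (size_t)ihl_words * 4, len = ihl + 20;
    memset(buf, 0, len);
    buf[0] = (uint8_t)(0x40 | ihl_words);   /* version 4 + IHL */
    buf[9] = 6;                             /* TCP */
    buf[ihl + 12] = 5 << 4;                 /* TCP data offset: 20 bytes */
    buf[ihl + 13] = tcp_flags;
    return len;
}

int main(void)
{
    uint8_t b[80];
    uint8_t samples[] = { TH_SYN, TH_SYN | TH_ECE, TH_ACK, TH_ACK | TH_ECE };
    for (size_t i = 0; i < sizeof samples; i++) {
        size_t n = make_pkt(b, 5, samples[i]);
        printf("flags=0x%02x verdict=%d\n", samples[i], classify(b, n));
    }
    return 0;
}
```

ECN-capable clients legitimately set ECE on a SYN, so `V_NEW_ECE` means the segment must be evaluated by the rules for new connections, not that it is hostile by itself.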
|References

Source: BID
Name: 2293
Link: http://www.securityfocus.com/bid/2293
Source: FREEBSD
Name: FreeBSD-SA-01:08
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Source: XF
Name: ipfw-bypass-firewall(5998)
Link: http://xforce.iss.net/xforce/xfdb/5998
Source: BUGTRAQ
Name: 20010125 ecepass - proof of concept code for FreeBSD ipfw bypass
Link: http://www.security-express.com/archives/bugtraq/2001-01/0424.html
Source: OSVDB
Name: 1743
Link: http://www.osvdb.org/1743
Source: CIAC
Name: L-029
Link: http://www.ciac.org/ciac/bulletins/l-029.shtml
