(CIAC Issues Bulletin) Re: IP Filter Firewall Software May Let Unauthorized Packets Through the Firewall
SecurityTracker Alert ID: 1001386
SecurityTracker URL: http://securitytracker.com/id/1001386
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 21 2001
Impact: Host/resource access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): up to and including 3.3.21 and 3.4.16

Description:
It is reported that a serious vulnerability exists in the IP Filter firewall software. When the firewall is using "fragment caching", a remote user can send nearly any packet through the firewall.
According to the vendor, when the firewall matches a packet fragment, it checks only the source IP address, destination IP address and IP ID, and it consults the fragment cache *before* any firewall rules. Even if a firewall rule blocks all fragments, fragment cache entries can still be created by packets that match current firewall state information.
Impact:
A remote user can send unauthorized packets through the firewall (if the firewall uses fragment caching).

Solution:
The vendor provides some directions on how to disable fragment caching in the source message. Also, patches are available.
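The lookup order from the Description, as a simplified model (an added example, not IP Filter's code or the vendor's patch): the fragment cache compares only source address, destination address and IP ID and is consulted before the rules, and `frag_caching=False` stands for the fragment-caching workaround. The class names, the state key, the rule set, and the addresses and ports are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    ip_id: int
    dport: int
    is_fragment: bool

class ModelFilter:
    """Toy stateful filter (hypothetical); models the ordering only."""

    def __init__(self, allowed_ports, frag_caching):
        self.allowed_ports = set(allowed_ports)
        self.frag_caching = frag_caching
        self.state = set()       # (src, dst, dport) of flows already passed
        self.frag_cache = set()  # (src, dst, ip_id): the only fields compared

    def rules_pass(self, pkt):
        # Rule set: block every fragment, then pass only allowed ports.
        return not pkt.is_fragment and pkt.dport in self.allowed_ports

    def check(self, pkt):
        """Return (passed, reason) for one packet."""
        key = (pkt.src, pkt.dst, pkt.ip_id)
        # 1. The fragment cache is consulted before any rule.
        if self.frag_caching and pkt.is_fragment and key in self.frag_cache:
            return True, "fragment-cache"
        # 2. Existing state; a fragment that matches it seeds the cache.
        if (pkt.src, pkt.dst, pkt.dport) in self.state:
            if self.frag_caching and pkt.is_fragment:
                self.frag_cache.add(key)
            return True, "state"
        # 3. Only now are the rules evaluated.
        if self.rules_pass(pkt):
            self.state.add((pkt.src, pkt.dst, pkt.dport))
            return True, "rule"
        return False, "blocked"

def replay(frag_caching):
    """Run the constructed packet sequence and return each decision."""
    fw = ModelFilter(allowed_ports={80}, frag_caching=frag_caching)
    packets = [  # constructed sample traffic (documentation addresses)
        Packet("192.0.2.10", "198.51.100.5", 1, 80, False),  # permitted flow
        Packet("192.0.2.10", "198.51.100.5", 7, 80, True),   # fragment on that flow
        Packet("192.0.2.10", "198.51.100.5", 7, 23, True),   # same IP ID, other port
        Packet("192.0.2.10", "198.51.100.5", 8, 23, True),   # different IP ID
    ]
    return [fw.check(p) for p in packets]
```

With caching enabled the third packet is passed with reason `fragment-cache` although the rule set blocks all fragments; with caching disabled it reaches the rules and is blocked.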

Vendor URL: coombs.anu.edu.au/ipfilter/ip-filter.html
Cause: State error
Underlying OS: UNIX (FreeBSD)

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Fri, 20 Apr 2001 14:53:14 -0700 (PDT)
Subject: CIAC BULLETIN L-075 FreeBSD IPFilter May Incorrectly Pass Packets
[ For Public Release ]
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Center
__________________________________________________________
INFORMATION BULLETIN
FreeBSD IPFilter May Incorrectly Pass Packets
[FreeBSD Bulletin FreeBSD-SA-01:32 [Revised]]
April 20, 2001 00:00 GMT Number L-075
______________________________________________________________________________
PROBLEM: The IPFilter package is used to implement the FreeBSD firewall function. A vulnerability may allow packets to bypass the filter.
PLATFORM: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases), FreeBSD 3.5-STABLE, and 4.2-STABLE prior to the correction date that use the IPFilter function.
DAMAGE: A malicious user could create packets that would bypass the firewall.
SOLUTION: If you use the IPFilter function, install the patches as shown in the FreeBSD bulletin FreeBSD-SA-01:32
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is LOW. An intruder would have to know the state information of existing packet streams in order to bypass the firewall function. If you do not use the IPFilter function, you are not impacted.
______________________________________________________________________________
[***** Start FreeBSD Bulletin *****]
http://www.ciac.org/ciac/bulletins/l-075.shtml
[***** End FreeBSD Bulletin *****]