SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Firewall)  >   IP Filter Vendors:   Reed, Darren
(Caldera Issues Fix for SCO OpenServer) IP Filter Firewall Software May Let Unauthorized Packets Through the Firewall
SecurityTracker Alert ID:  1003811
SecurityTracker URL:  http://securitytracker.com/id/1003811
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 13 2002
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): up to and including 3.3.21 and 3.4.16
Description:   It is reported that a serious vulnerability exists in the IP Filter firewall software. When the firewall is using "fragment caching", a remote user can send nearly any packet through the firewall.

According to the vendor, when the firewall is matching a packet fragment, only srcip, dstip and IP ID# are checked and the fragment cache is checked *before* any firewall rules are checked. If all fragments are blocked with a firewall rule, fragment cache entries can still be created by packets that match current firewall state information.
Impact:   A remote user can send unauthorized packets through the firewall (if the firewall uses fragment caching).
Solution:   The vendor has released a fix for OpenServer:

ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.9/

The verification checksum is:

MD5 (erg711678) = 7608023bdd367331a8088a92b114db5c

Upgrade the affected binaries with the following commands:

Download erg711678 to the /tmp directory

# cd /tmp
# tar xvf erg711678

Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.
Vendor URL:  coombs.anu.edu.au/ipfilter/ip-filter.html (Links to External Site)
Cause:   State error
Underlying OS:   UNIX (Open UNIX-SCO)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 6 2001 IP Filter Firewall Software May Let Unauthorized Packets Through the Firewall


 Source Message Contents
Date:  Mon, 11 Mar 2002 17:10:17 -0800
Subject:  Security Update: [CSSA-2002-SCO.9] OpenServer: IPFilter may incorrectly pass packets


--MfFXiAuoTsnnDAfZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca 

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: IPFilter may incorrectly pass packets
Advisory number: 	CSSA-2002-SCO.9
Issue date: 		2002 March 11
Cross reference:
___________________________________________________________________________


1. Problem Description

	When matching a packet fragment, insufficient checks were
	performed to ensure the fragment is valid.  Malicious remote
	users may be able to bypass filtering rules, allowing them to
	potentially circumvent the firewall.


2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	/etc/ipnat
						/etc/ipfnat
						/etc/conf/pack.d/ipl/Driver.o
						/etc/ipmon
						/etc/ipfstat
						/etc/ipf


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.9/


  4.2 Verification

	MD5 (erg711678) = 7608023bdd367331a8088a92b114db5c

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download erg711678 to the /tmp directory

	# cd /tmp
	# tar xvf erg711678

	Run the custom command, specify an install from media images,
	and specify the /tmp directory as the location of the images.


5. References

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	SCO-236-1763, erg711678


6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Caldera would like to admit borrowing the problem description
	text from FreeBSD security advisory FreeBSD-SA-01:32.

___________________________________________________________________________

--MfFXiAuoTsnnDAfZ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyNVXkACgkQaqoBO7ipriEa9QCfSDu5P9TWfIo6vyPZ/szM4Gsu
qZIAn1mKiuh/B0f4yTNcN6aLTsnXH0QU
=gMJl
-----END PGP SIGNATURE-----

--MfFXiAuoTsnnDAfZ--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC