SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   ipmasq Vendors:   Bassett, Brian
ipmasq Filtering Rules May Let Remote Users Pass Unauthorized Packets Through the Firewall
SecurityTracker Alert ID:  1007769
SecurityTracker URL:  http://securitytracker.com/id/1007769
CVE Reference:   CVE-2003-0785   (Links to External Site)
Date:  Sep 21 2003
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  
Version(s): 3.5.10
Description:   A vulnerability was reported in 'ipmasq'. A remote user may be able to forward unauthorized packets through the firewall.

It is reported that ipmasq contains improper filtering rules that may cause inbound packets received on the external interface and addressed for an internal host to be forwarded, regardless of whether the packets is part of an established connection.

A remote user may be able to bypass the firewall's access controls and send packets through the firewall.

Impact:   A remote user may be able to send unauthorized packets through the firewall.
Solution:   It appears that no upstream solution was available at the time of this entry.

[Editor's note: Debian has released a fix for Debian Linux. A separate alert will be issued regarding the Debian fix -- see the Message History.]

Vendor URL:  www.bbassett.net/ipmasq/ (Links to External Site)
Cause:   Access control error, Configuration error, State error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 21 2003 (Debian Issues Fix) ipmasq Filtering Rules May Let Remote Users Pass Unauthorized Packets Through the Firewall
Debian has released a fix.



 Source Message Contents

Subject:  ipmasq


CVE: CAN-2003-0785

Debian reorted a vulnerability in the 'ipmasq' package.  The scripts reportedly contain 
"improper filtering rules" that may cause inbound packets received on the external 
interface and addressed for an internal host to be forwarded, regardless of whether the 
packets is part of an established connection.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC