CERTA-2002-AVI-021
Vulnerability from certfr_avis - Published: - Updated:
Ipfilter is a collection of packet-filtering tools widely used in the Unix world. A vulnerability allows access to normally blocked ports on hosts protected by the firewall.
Description
The fragment-handling cache is meant to let through the fragments of an IP packet that belong to a session/connection previously accepted by the filtering module. However, this cache relies only on the IP header, so after initiating an authorized connection it is possible to send fragments to arbitrary ports.
Solution
Update the sources or the package, depending on the vendor:
- Ipfilter sources: ftp://coombs.anu.edu.au/pub/net/ip-filter/
- HP-UX: http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B9901AA
- FreeBSD: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:32/ipfilter.patch
- NetBSD: follow the advisory cited in the documentation.
- OpenBSD 2.8, see: http://www.openbsd.org/errata28.html#ipf_frag
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenBSD 2.8 et inf\u00e9rieures",
"product": {
"name": "OpenBSD",
"vendor": {
"name": "OpenBSD",
"scada": false
}
}
},
{
"description": "FreeBSD 4.2 et inf\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "FreeBSD",
"scada": false
}
}
},
{
"description": "NetBSD 1.5 et inf\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "NetBSD",
"scada": false
}
}
},
{
"description": "HP-UX 11.00 et 11.11",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Versions d\u0027Ipfilter 3.4.16 et inf\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLe cache de gestion des fragments a pour objet de laisser passer les\nfragments d\u0027un paquet IP correspondant \u00e0 une session/connexion\npr\u00e9c\u00e9dement accept\u00e9e par le module de filtrage. Hors, ce cache ne se\nbase que sur l\u0027ent\u00eate IP, il est alors possible, apr\u00e8s avoir initi\u00e9 une\nconnexion autoris\u00e9e, d\u0027envoyer des fragments vers des ports arbitraires.\n\n## Solution\n\nMettre \u00e0 jour les sources ou le paquetage, selon les vendeurs :\n\n- Sources d\u0027Ipfilter :\n\n ftp://coombs.anu.edu.au/pub/net/ip-filter/\n\n- HP-UX :\n\n http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B9901AA\n\n- FreeBSD :\n\n ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:32/ipfilter.patch\n\n- NetBSD : se conformer \u00e0 l\u0027avis cit\u00e9 dans la documentation.\n\n- OpenBSD 2.8 voir :\n\n http://www.openbsd.org/errata28.html#ipf_frag\n",
"cves": [],
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 NetBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-007.txt.asc"
},
{
"title": "Avis de s\u00e9curit\u00e9 FreeBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:32.ipfilter.v1.1.asc"
},
{
"title": "Base de vuln\u00e9rabilit\u00e9s Bugtraq",
"url": "http://www.securityfocus.com/bid/2545"
}
],
"reference": "CERTA-2002-AVI-021",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2002-02-01T00:00:00.000000"
},
{
"description": "correction d\u0027un lien d\u00e9fectueux.",
"revision_date": "2002-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement des r\u00e8gles de filtrage de paquets impl\u00e9ment\u00e9es par ipfilter"
}
],
"summary": "\u003cspan class=\"textit\"\u003eIpfilter\u003c/span\u003e est une collection d\u0027outils de\nfiltrage de paquets r\u00e9pandue dans le monde \u003cspan\nclass=\"textit\"\u003eUnix\u003c/span\u003e. Une vuln\u00e9rabilit\u00e9 permet d\u0027acc\u00e9der aux ports\nnormalement bloqu\u00e9s des h\u00f4tes prot\u00e9g\u00e9s par le pare-feu.\n",
"title": "Mise \u00e0 jour de la gestion des fragments dans Ipfilter",
"vendor_advisories": [
{
"published_at": null,
"title": "Base de vuln\u00e9rabilit\u00e9s BugTraq",
"url": null
}
]
}