Info

Disclosure

May 25, 2000

Discovery

Unknown

Dates

Exploit

May 25, 2000

Solution

Unknown

Description

IPFilter contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to the presence of overlapping rules that relate to "return-rst" and "keep state". These two rules create a race condition that may allow an attacker to send the right sequence of packets to win, allowing them to bypass the filter rules completely.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation, Race Condition
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.3.16, 3.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Darren Reed	IPFilter	3.3.15
		3.4.3

References

Bugtraq ID: 1308
CVE ID: 2000-0553 (see also: NVD)
ISS X-Force ID: 4994
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html

Credit

EMF - emfprettyhatemachine.obfuscation.org - Obfuscation Research Laboratories

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Darren Reed

IPFilter

References

Credit