1655 : FreeBSD ppp deny_incoming
Printer | http://osvdb.org/1655 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

8 months ago

Percent Complete

100%

Disclosure

Nov 14, 2000

Discovery

Unknown

Dates

Exploit

Nov 14, 2000

Solution

Unknown

Description

FreeBSD contains a flaw that may allow a malicious user to bypass the nat gateway. The issue was triggered because code was added to permit certain types of data through the nat gateway. It is possible that the flaw may allow all traffic to pass through, despite the "deny_incoming" directive, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): use a true packet filter such as ipfw(8) or ipf(8) on the PPP gateway to deny incoming traffic according to the desired security policy.

Also, FreeBSD has released a patch.

Products

FreeBSD Project	FreeBSD	4.0
		3.5
		3.5.1
		4.1
		4.1.1-STABLE

References

Bugtraq ID: 1974
CVE ID: 2000-1167 (see also: NVD)
ISS X-Force ID: 5584
Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Vendor URL: http://www.freebsd.org

Credit

Robin Melville - robmelinnotts.co.uk -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

FreeBSD Project

FreeBSD

References

Credit

Blogs

Comments