FreeBSD ppp deny_incoming Vulnerability
BID:1974
Info
FreeBSD ppp deny_incoming Vulnerability
| Bugtraq ID: | 1974 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2000 12:00AM |
| Updated: | Nov 14 2000 12:00AM |
| Credit: | First published in FreeBSD Advisory FreeBSD-SA-00:70 on Nov 14, 2000. |
| Vulnerable: |
FreeBSD FreeBSD 4.1.1 -STABLE FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 3.5.1 FreeBSD FreeBSD 3.5 |
| Not Vulnerable: | |
Discussion
FreeBSD ppp deny_incoming Vulnerability
ppp is a utility used for handling point-to-point network connections in unix systems. The FreeBSD version of ppp also facilitates NAT, or network address translation for proxied communication between networks.
There is an option in ppp, "nat deny_incoming" which can be used as a broad, simple "firewall rule". It tells the machine performing nat not to let anything pass through the gateway that is not part of an existing nat session. Code was added to this functonality to permit certain types of data through the nat gateway that introduced a bug resulting in all traffic passing through, despite the "deny_incoming" directive.
This may result in a violation of security policy and can lead to attacks on the internal network behind the gateway.
ppp is a utility used for handling point-to-point network connections in unix systems. The FreeBSD version of ppp also facilitates NAT, or network address translation for proxied communication between networks.
There is an option in ppp, "nat deny_incoming" which can be used as a broad, simple "firewall rule". It tells the machine performing nat not to let anything pass through the gateway that is not part of an existing nat session. Code was added to this functonality to permit certain types of data through the nat gateway that introduced a bug resulting in all traffic passing through, despite the "deny_incoming" directive.
This may result in a violation of security policy and can lead to attacks on the internal network behind the gateway.
Exploit / POC
FreeBSD ppp deny_incoming Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
FreeBSD ppp deny_incoming Vulnerability
Solution:
FreeBSD has released a patch to correct this vulnerability.
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
Solution:
FreeBSD has released a patch to correct this vulnerability.
FreeBSD FreeBSD 3.5
-
FreeBSD ppp.patch
Execute the following commands as root:# cd /usr/src/usr.sbin/ppp# patch -p < /path/to/patch_or_advisory# make depend && make all install
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch
FreeBSD FreeBSD 3.5.1
-
FreeBSD ppp.patch
Execute the following commands as root:# cd /usr/src/usr.sbin/ppp# patch -p < /path/to/patch_or_advisory# make depend && make all install
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch
FreeBSD FreeBSD 4.0
-
FreeBSD ppp.patch
Execute the following commands as root:# cd /usr/src/usr.sbin/ppp# patch -p < /path/to/patch_or_advisory# make depend && make all install
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch
FreeBSD FreeBSD 4.1
-
FreeBSD ppp.patch
Execute the following commands as root:# cd /usr/src/usr.sbin/ppp# patch -p < /path/to/patch_or_advisory# make depend && make all install
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch