Honeyd Remote Virtual Host Detection Vulnerability
BID:9464
Info
Honeyd Remote Virtual Host Detection Vulnerability
| Bugtraq ID: | 9464 |
| Class: | Design Error |
| CVE: |
CVE-2004-2095 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue is credited to Joseph Corey. |
| Vulnerable: |
Honeyd Honeyd 0.7 a Honeyd Honeyd 0.7 Honeyd Honeyd 0.6 a Honeyd Honeyd 0.6 Honeyd Honeyd 0.5 |
| Not Vulnerable: |
Honeyd Honeyd 0.8 |
Discussion
Honeyd Remote Virtual Host Detection Vulnerability
Honeyd is prone to a vulnerability that may permit remote users to detect the presence of virtual hosts spawned by the server. This is due to a flaw in how Honeyd responds to certain TCP packets, effectively allowing a remote user to determine if a scanned address is a virtual Honeyd host. The consequence is that a remote attacker could enumerate the existence of simulated Honeyd hosts and then either target specific attacks against these hosts or avoid them altogether.
Honeyd is prone to a vulnerability that may permit remote users to detect the presence of virtual hosts spawned by the server. This is due to a flaw in how Honeyd responds to certain TCP packets, effectively allowing a remote user to determine if a scanned address is a virtual Honeyd host. The consequence is that a remote attacker could enumerate the existence of simulated Honeyd hosts and then either target specific attacks against these hosts or avoid them altogether.
Exploit / POC
Honeyd Remote Virtual Host Detection Vulnerability
A patch to the scanrand tool included in the Paketto Keiretsu scanning tool has been publicized that detects Honeyd virtual hosts.
A patch to the scanrand tool included in the Paketto Keiretsu scanning tool has been publicized that detects Honeyd virtual hosts.
Solution / Fix
Honeyd Remote Virtual Host Detection Vulnerability
Solution:
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
emerge sync
emerge -pv ">=net-analyzer/honeyd-0.8"
emerge ">=net-analyzer/honeyd-0.8"
This issue has been addressed with the release of Honeyd 0.8.
Honeyd Honeyd 0.5
Honeyd Honeyd 0.6 a
Honeyd Honeyd 0.6
Honeyd Honeyd 0.7
Honeyd Honeyd 0.7 a
Solution:
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
emerge sync
emerge -pv ">=net-analyzer/honeyd-0.8"
emerge ">=net-analyzer/honeyd-0.8"
This issue has been addressed with the release of Honeyd 0.8.
Honeyd Honeyd 0.5
-
Honeyd honeyd-0.8.tar.gz
http://www.citi.umich.edu/u/provos/honeyd/honeyd-0.8.tar.gz
Honeyd Honeyd 0.6 a
-
Honeyd honeyd-0.8.tar.gz
http://www.citi.umich.edu/u/provos/honeyd/honeyd-0.8.tar.gz
Honeyd Honeyd 0.6
-
Honeyd honeyd-0.8.tar.gz
http://www.citi.umich.edu/u/provos/honeyd/honeyd-0.8.tar.gz
Honeyd Honeyd 0.7
-
Honeyd honeyd-0.8.tar.gz
http://www.citi.umich.edu/u/provos/honeyd/honeyd-0.8.tar.gz
Honeyd Honeyd 0.7 a
-
Honeyd honeyd-0.8.tar.gz
http://www.citi.umich.edu/u/provos/honeyd/honeyd-0.8.tar.gz
References
Honeyd Remote Virtual Host Detection Vulnerability
References:
References:
- Honeyd Homepage (Honeyd)
- Honeyd Security Advisory 2004-001: Remote Detection Via Simple Probe Packet (Niels Provos
)