CVE-2002-0666
CVSS 5.0
Published: 2002-11-04 00:00:00
Revised: 2008-09-10 15:12:40

[Original] IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.


[CNNVD] Multiple Vendor IPSEC Implementation Remote Denial of Service Vulnerability (CNNVD-200211-002)

        IPSEC is a set of IP security extensions that provides authentication and encryption. It comprises two packet types, ESP and AH, carried as IP protocol numbers 50 and 51 respectively.
        Multiple IPSec implementations contain a vulnerability that stems from a flaw in handling malformed ESP packets; a remote attacker can exploit it to mount a denial-of-service attack.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

cpe:/a:frees_wan:frees_wan:1.9.5
cpe:/h:nec:ix1010  NEC IX1010
cpe:/o:apple:mac_os_x:10.2  Apple Mac OS X 10.2
cpe:/o:netbsd:netbsd:1.5.3  NetBSD 1.5.3
cpe:/a:frees_wan:frees_wan:1.9
cpe:/h:nec:ix1050  NEC IX1050
cpe:/o:netbsd:netbsd:1.5  NetBSD 1.5
cpe:/h:global_technology_associates:gnat_box_firmware:3.3
cpe:/o:freebsd:freebsd:4.6  FreeBSD 4.6
cpe:/a:frees_wan:frees_wan:1.9.3
cpe:/o:apple:mac_os_x_server:10.2  Apple Mac OS X Server 10.2
cpe:/o:freebsd:freebsd:4.6:stable
cpe:/o:netbsd:netbsd:1.5.2  NetBSD 1.5.2
cpe:/h:global_technology_associates:gnat_box_firmware:3.1
cpe:/o:netbsd:netbsd:1.5.1  NetBSD 1.5.1
cpe:/h:nec:ix1020  NEC IX1020
cpe:/h:nec:ix1011  NEC IX1011
cpe:/a:frees_wan:frees_wan:1.9.2
cpe:/o:netbsd:netbsd:1.5::x86
cpe:/o:netbsd:netbsd:1.6:beta  NetBSD 1.6 Beta
cpe:/o:netbsd:netbsd:1.5::sh3
cpe:/a:frees_wan:frees_wan:1.9.6
cpe:/o:freebsd:freebsd:4.6:release
cpe:/a:frees_wan:frees_wan:1.9.4
cpe:/h:nec:ix2010  NEC IX2010
cpe:/h:global_technology_associates:gnat_box_firmware:3.2
cpe:/a:frees_wan:frees_wan:1.9.1
cpe:/h:nec:bluefire_ix1035_router  NEC BlueFire IX1035

- OVAL (technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0666
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0666
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-002
(official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/459371
(VENDOR_ADVISORY)  CERT-VN  VU#459371
http://www.securityfocus.com/bid/6011
(UNKNOWN)  BID  6011
http://www.iss.net/security_center/static/10411.php
(VENDOR_ADVISORY)  XF  ipsec-packet-integer-overflow(10411)
http://www.debian.org/security/2002/dsa-201
(UNKNOWN)  DEBIAN  DSA-201
http://razor.bindview.com/publish/advisories/adv_ipsec.html
(VENDOR_ADVISORY)  BINDVIEW  20021018 Denial of Service in IPSEC implementations
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2002-016

- Vulnerability information

Multiple Vendor IPSEC Implementation Remote Denial of Service Vulnerability
Medium  Other
2002-11-04 00:00:00 2012-11-30 00:00:00
Remote

- Advisories and patches

        Vendor patches:
        Apple
        -----
        The vendor has released an update that fixes this security issue; download it from the vendor's homepage:
        The following patches are available for MacOS X 10.2 and MacOS X Server 10.2:
        Apple MacOS X 10.2 (Jaguar):
        Apple Patch MacOSXUpdate10.2.1.dmg.bin
        
        http://download.info.apple.com/Mac_OS_X/061-0139.20020918.gTbn8/2z/MacOSXUpdate10.2.1.dmg.bin

        Apple MacOS X Server 10.2:
        Apple Patch MacOSXServerUpdate10.2.1.dmg.bin
        
        http://download.info.apple.com/Mac_OS_X/061-0141.20020918.64tP4/0Z/MacOSXServerUpdate10.2.1.dmg.bin

        FreeBSD
        -------
        The vendor has released an update that fixes this security issue; download it from the vendor's homepage:
        FreeBSD has committed the fix to CVS; FreeBSD 4.7-RELEASE is not affected.
        FreeBSD FreeBSD 4.6 -STABLE:
        FreeBSD Patch esp_input.c#rev1.1.2.7
        
        http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/esp_input.c#rev1.1.2.7

        FreeBSD FreeBSD 4.6 -RELEASE:
        FreeBSD Patch esp_input.c#rev1.1.2.7
        
        http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/esp_input.c#rev1.1.2.7

        FreeBSD FreeBSD 4.6:
        FreeBSD Patch esp_input.c#rev1.1.2.7
        
        http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/esp_input.c#rev1.1.2.7

        NetBSD
        ------
        NetBSD 1.6 and NetBSD-current are not affected by this vulnerability.
        FreeS/WAN
        ---------
        The vendor has not yet released a patch; check the vendor's homepage for updates:
        
        http://www.freeswan.org/

- Vulnerability information

7410
FreeS/WAN IPSEC Implementations Spoofed ESP Packet DoS
Local Access Required, Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- Vulnerability description

Many IPSec implementations, including Linux FreeS/WAN, and operating systems that include them contain a flaw that may allow a remote denial of service. The issue is triggered when a very short IPSec packet is sent, and will result in loss of availability for the service, and in some cases will trigger a kernel panic and loss of availability for the platform.

- Timeline

2002-10-17 Unknown
2002-10-17 Unknown

- Solution

Upgrade to FreeS/WAN version 1.99, or higher, as this has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the patch from the relevant vendor.

- Vulnerability information

Multiple Vendor IPSec Implementation Denial of Service Vulnerabilities
Failure to Handle Exceptional Conditions 6011
Yes No
2002-10-19 12:00:00 2009-07-11 06:06:00
Discovered by Todd Sabin of Bindview.

- Affected program versions

NetBSD NetBSD 1.6 beta
NetBSD NetBSD 1.6
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5 x86
NetBSD NetBSD 1.5 sh3
NetBSD NetBSD 1.5
NEC IX2010
NEC IX1050
NEC IX1020
NEC IX1011
NEC IX1010
NEC BlueFire IX1035
IBM AIX 4.3.3
IBM AIX 5.2
IBM AIX 5.1
Global Technology Associates GNAT Box Firmware 3.3
+ Global Technology Associates GNAT Box Firewall
Global Technology Associates GNAT Box Firmware 3.2
+ Global Technology Associates GNAT Box Firewall
Global Technology Associates GNAT Box Firmware 3.1
+ Global Technology Associates GNAT Box Firewall
FreeS/WAN FreeS/WAN 1.9.6
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
FreeS/WAN FreeS/WAN 1.9.5
FreeS/WAN FreeS/WAN 1.9.4
FreeS/WAN FreeS/WAN 1.9.3
FreeS/WAN FreeS/WAN 1.9.2
FreeS/WAN FreeS/WAN 1.9.1
FreeS/WAN FreeS/WAN 1.9
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
eSoft InstaGate xSP Business
eSoft InstaGate xsP Branch
eSoft InstaGate PRO
BSDI BSD/OS 4.3
BSDI BSD/OS 4.2
Astaro Security Linux 3.2 10
Astaro Security Linux 3.2 00
Astaro Security Linux 2.0 30
Astaro Security Linux 2.0 27
Astaro Security Linux 2.0 26
Astaro Security Linux 2.0 25
Astaro Security Linux 2.0 24
Astaro Security Linux 2.0 23
Astaro Security Linux 2.0 16
Apple Mac OS X Server 10.2
Apple Mac OS X 10.2
Astaro Security Linux 3.2 11

- Unaffected program versions

Astaro Security Linux 3.2 11

- Vulnerability discussion

A vulnerability in several implementations of IPSec related to handling of malformed ESP packets has been reported. On several systems, the conditions may be exploited to cause kernel panics.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Several vendors have solutions available:

Internet Initiative Japan has patches available for the IIJ SEIL/neu routers. Upgrade to a firmware revision greater than version 1.63 (available at http://www.seil-neu.com/).

Fixes will be available for NEC products in early November.

FreeBSD has fixed the vulnerability in CVS. FreeBSD 4.7-RELEASE is not vulnerable.

Global Technology Associates has made firmware upgrades available for GNAT Box devices using firmware versions 3.3.x or 3.2.x. Users of version 3.1.x are advised to upgrade.

Apple has fixes available for MacOS X 10.2 and MacOS X Server 10.2.

NetBSD has released a security advisory. NetBSD 1.6 and NetBSD-current dated 2002-08-23 are not vulnerable to this issue. Users of the NetBSD 1.5 branch are advised to upgrade to the NetBSD 1.5 tree dated 2002-09-05 or later. Further information is provided in the referenced advisory.

eSoft InstaGate products are affected by this issue. An attacker must know the IP address of a tunnel endpoint and the SPI value for that tunnel to exploit this issue on InstaGate products. A patch has been made available through eSoft's SoftPak Director.

Numerous KAME-based implementations are affected by this vulnerability. Fixes were incorporated into the KAME tree as of 2002/08/21.

This issue is present in Astaro Security Linux and has been addressed as of Up2Date 3.211. This update may be applied to systems running Astaro Security Linux Up2Date 3.210.

Fixes are available:

IBM AIX 5.1
IBM AIX 5.2
FreeS/WAN FreeS/WAN 1.9.6
Apple Mac OS X Server 10.2
Apple Mac OS X 10.2
Global Technology Associates GNAT Box Firmware 3.2
Global Technology Associates GNAT Box Firmware 3.3
IBM AIX 4.3.3
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6
