CVE-2005-2068
CVSS5.0
发布时间 :2005-07-05 00:00:00
修订时间 :2008-09-05 16:50:47
NMCOS    

[原文]FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.


[CNNVD]FreeBSD SYN TCP包修改(CNNVD-200507-020)

        FreeBSD是一种运行在Intel平台上,可以自由使用的类Unix系统。
        FreeBSD 4.x至4.11及5.x至5.4版本存在TCP包修改漏洞。
        由于TCP/IP协议栈在处理特殊的带SYN标志的报文时存在漏洞,远程攻击者可能利用此漏洞,影响已经建立的TCP连接。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:freebsd:freebsd:4.2FreeBSD 4.2
cpe:/o:freebsd:freebsd:5.1FreeBSD 5.1
cpe:/o:freebsd:freebsd:4.4FreeBSD 4.4
cpe:/o:freebsd:freebsd:5.4FreeBSD 5.4
cpe:/o:freebsd:freebsd:5.2.1FreeBSD 5.2.1
cpe:/o:freebsd:freebsd:5.3FreeBSD 5.3
cpe:/o:freebsd:freebsd:4.6.2FreeBSD 4.6.2
cpe:/o:freebsd:freebsd:5.0FreeBSD 5.0
cpe:/o:freebsd:freebsd:4.8FreeBSD 4.8
cpe:/o:freebsd:freebsd:4.6FreeBSD 4.6
cpe:/o:freebsd:freebsd:4.10FreeBSD 4.10
cpe:/o:freebsd:freebsd:5.2FreeBSD 5.2
cpe:/o:freebsd:freebsd:4.1FreeBSD 4.1
cpe:/o:freebsd:freebsd:4.11FreeBSD 4.11
cpe:/o:freebsd:freebsd:4.3FreeBSD 4.3
cpe:/o:freebsd:freebsd:4.1.1FreeBSD 4.1.1
cpe:/o:freebsd:freebsd:4.9FreeBSD 4.9
cpe:/o:freebsd:freebsd:4.5FreeBSD 4.5
cpe:/o:freebsd:freebsd:4.7FreeBSD 4.7
cpe:/o:freebsd:freebsd:4.0FreeBSD 4.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2068
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2068
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-020
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-05:15

- 漏洞信息

FreeBSD SYN TCP包修改
中危 设计错误
2005-07-05 00:00:00 2005-10-20 00:00:00
远程  
        FreeBSD是一种运行在Intel平台上,可以自由使用的类Unix系统。
        FreeBSD 4.x至4.11及5.x至5.4版本存在TCP包修改漏洞。
        由于TCP/IP协议栈在处理特殊的带SYN标志的报文时存在漏洞,远程攻击者可能利用此漏洞,影响已经建立的TCP连接。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc

- 漏洞信息

17677
FreeBSD TCP Crafted SYN Packet Arbitrary Option Overwrite
Remote / Network Access Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

FreeBSD contains a flaw that may allow a malicious user to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. It is possible that the flaw may allow an attacker to spoof the remote IP and port numbers of an established connection and stall the TCP communications resulting in a loss of availability.

- 时间线

2005-06-29 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 4-STABLE or 5-STABLE, or to the RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after 2005-06-29, as it has been reported to fix this vulnerability. In addition, FreeBSD has released patches for older FreeBSD 4.10, 4.11, 5.3, and 5.4 systems.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

FreeBSD TCP Stack Established Connection Denial of Service Vulnerability
Design Error 14104
Yes No
2005-06-29 12:00:00 2009-07-12 04:06:00
The vendor reported this issue.

- 受影响的程序版本

FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5.1 -STABLEpre2001-07-20
FreeBSD FreeBSD 3.5.1 -STABLE
FreeBSD FreeBSD 3.5.1 -RELEASE
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 3.5 x
FreeBSD FreeBSD 3.5 -STABLEpre122300
FreeBSD FreeBSD 3.5 -STABLEpre050201
FreeBSD FreeBSD 3.5 -STABLE
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4 x
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3 x
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2 x
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.1 x
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.0 -RELENG
FreeBSD FreeBSD 3.0
FreeBSD FreeBSD 2.2.8
FreeBSD FreeBSD 2.2.6
FreeBSD FreeBSD 2.2.5
FreeBSD FreeBSD 2.2.4
FreeBSD FreeBSD 2.2.3
FreeBSD FreeBSD 2.2.2
FreeBSD FreeBSD 2.2 x
FreeBSD FreeBSD 2.2
FreeBSD FreeBSD 2.1.7 .1
FreeBSD FreeBSD 2.1.6 .1
FreeBSD FreeBSD 2.1.6
FreeBSD FreeBSD 2.1.5
FreeBSD FreeBSD 2.1 x
FreeBSD FreeBSD 2.1
FreeBSD FreeBSD 2.0.5
FreeBSD FreeBSD 2.0
FreeBSD FreeBSD 1.1.5 .1
FreeBSD FreeBSD 4.10-PRERELEASE
FreeBSD FreeBSD 3.x
FreeBSD FreeBSD 2.x

- 漏洞讨论

FreeBSD TCP stack is affected by a remote denial of service vulnerability.

This issue arises when an affected computer with an established connection receives a TCP packet with the SYN flag set and accepts it.

A successful attack can deny service for a target connection.

All FreeBSD releases are vulnerable to this issue.

- 漏洞利用

An exploit is not required to leverage this issue.

- 解决方案

FreeBSD has released source code kernel patches for 4.x and 5.x. See advisory FreeBSD-SA-05:15.tcp.


FreeBSD FreeBSD 4.0

FreeBSD FreeBSD 4.0 -RELENG

FreeBSD FreeBSD 4.0 .x

FreeBSD FreeBSD 4.0 alpha

FreeBSD FreeBSD 4.1

FreeBSD FreeBSD 4.1.1 -STABLE

FreeBSD FreeBSD 4.1.1 -RELEASE

FreeBSD FreeBSD 4.10 -RELEASE-p8

FreeBSD FreeBSD 4.10 -RELEASE

FreeBSD FreeBSD 4.10 -RELENG

FreeBSD FreeBSD 4.10

FreeBSD FreeBSD 4.11 -RELEASE-p3

FreeBSD FreeBSD 4.11 -RELENG

FreeBSD FreeBSD 4.2

FreeBSD FreeBSD 4.2 -RELEASE

FreeBSD FreeBSD 4.3 -STABLE

FreeBSD FreeBSD 4.3 -RELEASE-p38

FreeBSD FreeBSD 4.3

FreeBSD FreeBSD 4.3 -RELEASE

FreeBSD FreeBSD 4.3 -RELENG

FreeBSD FreeBSD 4.4 -RELENG

FreeBSD FreeBSD 4.4 -RELEASE-p42

FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.4 -STABLE

FreeBSD FreeBSD 4.5 -RELEASE-p32

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07

FreeBSD FreeBSD 4.5 -STABLE

FreeBSD FreeBSD 4.5 -RELEASE

FreeBSD FreeBSD 4.6 -RELEASE-p20

FreeBSD FreeBSD 4.6 -RELENG

FreeBSD FreeBSD 4.6 -RELEASE

FreeBSD FreeBSD 4.6 -STABLE

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 4.6.2

FreeBSD FreeBSD 4.7 -RELEASE-p17

FreeBSD FreeBSD 4.7 -RELENG

FreeBSD FreeBSD 4.7 -RELEASE

FreeBSD FreeBSD 4.7

FreeBSD FreeBSD 4.8 -RELENG

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD FreeBSD 4.8 -RELEASE-p7

FreeBSD FreeBSD 4.8

FreeBSD FreeBSD 4.9

FreeBSD FreeBSD 4.9 -PRERELEASE

FreeBSD FreeBSD 4.9 -RELENG

FreeBSD FreeBSD 5.0

FreeBSD FreeBSD 5.0 alpha

FreeBSD FreeBSD 5.0 -RELENG

FreeBSD FreeBSD 5.0 -RELEASE-p14

FreeBSD FreeBSD 5.1 -RELEASE/Alpha

FreeBSD FreeBSD 5.1

FreeBSD FreeBSD 5.1 -RELENG

FreeBSD FreeBSD 5.2 -RELEASE

FreeBSD FreeBSD 5.2

FreeBSD FreeBSD 5.2 -RELENG

FreeBSD FreeBSD 5.2.1 -RELEASE

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.4 -PRERELEASE

FreeBSD FreeBSD 5.4 -RELEASE

FreeBSD FreeBSD 5.4 -RELENG

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站