CVE-2006-0905
CVSS 7.5
Published: 2006-03-23 06:06:00
Last modified: 2008-09-05 17:00:31

[Original] A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.


[CNNVD] FreeBSD IPsec anti-replay implementation vulnerability (CNNVD-200603-382)

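        FreeBSD is a freely available, open-source Unix-like system that runs on Intel platforms.
        The anti-replay service in FreeBSD's IPsec implementation contains a vulnerability that remote attackers may be able to exploit.
        IPsec provides an anti-replay service which, when enabled, prevents an attacker from successfully carrying out replay attacks. This is done by verifying sequence numbers. A programming error in the fast_ipsec(4) implementation means that the sequence number associated with a Security Association is not updated, so packets pass the sequence number verification check unconditionally. An attacker can intercept IPsec packets and replay them. If a higher-level protocol that provides no protection against packet replay (such as UDP) is in use, there may be further impact.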

- CVSS (base score)

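CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]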

- CPE (affected platforms and products)

cpe:/o:freebsd:freebsd:5.1 FreeBSD 5.1
cpe:/o:freebsd:freebsd:4.10:releng
cpe:/o:freebsd:freebsd:5.0:release_p14
cpe:/o:netbsd:netbsd:3.0 NetBSD 3.0
cpe:/o:freebsd:freebsd:5.1:release_p5
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/o:freebsd:freebsd:5.0 FreeBSD 5.0
cpe:/o:freebsd:freebsd:4.11:release_p3
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:5.3:stable
cpe:/o:freebsd:freebsd:4.11:releng
cpe:/o:freebsd:freebsd:5.3:releng
cpe:/o:freebsd:freebsd:5.0:releng
cpe:/o:freebsd:freebsd:5.1:release
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:freebsd:freebsd:5.4:stable
cpe:/o:freebsd:freebsd:5.0:alpha
cpe:/o:freebsd:freebsd:5.4:release
cpe:/o:freebsd:freebsd:4.10:release
cpe:/o:freebsd:freebsd:6.0:release
cpe:/o:netbsd:netbsd:2.0 NetBSD 2.0
cpe:/o:freebsd:freebsd:5.3:release
cpe:/o:freebsd:freebsd:6.0:stable
cpe:/o:freebsd:freebsd:4.11:stable
cpe:/o:freebsd:freebsd:5.4:pre-release
cpe:/o:freebsd:freebsd:5.1:alpha
cpe:/o:freebsd:freebsd:5.3 FreeBSD 5.3
cpe:/o:freebsd:freebsd:4.9:releng
cpe:/o:freebsd:freebsd:4.8:pre-release
cpe:/o:freebsd:freebsd:4.8 FreeBSD 4.8
cpe:/o:freebsd:freebsd:4.10 FreeBSD 4.10
cpe:/o:freebsd:freebsd:5.2 FreeBSD 5.2
cpe:/o:freebsd:freebsd:4.8:release_p7
cpe:/o:freebsd:freebsd:5.4:releng
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/o:freebsd:freebsd:4.10:release_p8
cpe:/o:freebsd:freebsd:4.9 FreeBSD 4.9
cpe:/o:freebsd:freebsd:5.2.1:releng

- OVAL (technical details for detection)

No related OVAL definition found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0905
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0905
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-382
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/17191
(PATCH)  BID  17191
http://secunia.com/advisories/19366
(VENDOR_ADVISORY)  SECUNIA  19366
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
(VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-06:11
http://xforce.iss.net/xforce/xfdb/25398
(UNKNOWN)  XF  bsd-ipsec-replay(25398)
http://www.osvdb.org/24068
(UNKNOWN)  OSVDB  24068
http://securitytracker.com/id?1015809
(UNKNOWN)  SECTRACK  1015809
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2006-011

- Vulnerability information

FreeBSD IPsec anti-replay implementation vulnerability
High risk  Design error
2006-03-23 00:00:00 2006-04-26 00:00:00
Remote

- Advisories and patches

        The vendor has released a patch to fix this security issue. The same patch, FreeBSD ipsec.patch, is listed for each of the versions below:
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.4-STABLE
        FreeBSD FreeBSD 4.10 -RELEASE-p8
        FreeBSD FreeBSD 4.10 -RELEASE
        FreeBSD FreeBSD 4.10 -RELENG
        FreeBSD FreeBSD 4.10
        FreeBSD FreeBSD 4.11 -RELEASE-p3
        FreeBSD FreeBSD 4.11 -RELENG
        FreeBSD FreeBSD 4.11 -STABLE
        FreeBSD FreeBSD 5.3
        FreeBSD FreeBSD 5.3 -RELEASE
        FreeBSD FreeBSD 5.3 -RELENG
        FreeBSD FreeBSD 5.3 -STABLE
        FreeBSD FreeBSD 5.4 -RELENG
        FreeBSD FreeBSD 5.4 -PRERELEASE
        FreeBSD FreeBSD 5.4 -RELEASE
        FreeBSD FreeBSD 6.0 -RELEASE
        FreeBSD FreeBSD 6.0 -STABLE

- Vulnerability information

24068
Multiple BSD IPsec Sequence Number fast_ipsec(4) Verification Bypass
Remote / Network Access
Loss of Integrity

- Vulnerability description

The IP Security Protocol (IPSec) on FreeBSD contains a flaw that may allow a malicious user to replay IPSec packets. The issue is triggered when IPSec fails to update the replay sequence number associated with a Security Association, allowing packets to unconditionally pass sequence number verification checks. It is possible that the flaw may allow a loss of integrity.
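
The failure mode described above, as an added example that is not code from FreeBSD, NetBSD or fast_ipsec(4): a simplified sliding-window anti-replay check in which the state update can be skipped, showing why a check that is never followed by an update accepts a replayed packet. The `replay_state` structure, the 32-entry window and all function names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#define WINDOW 32u                 /* assumed window size for this sketch */

struct replay_state {              /* hypothetical per-SA receive state */
    uint32_t last_seq;             /* highest sequence number accepted so far */
    uint32_t bitmap;               /* bit i set => (last_seq - i) already seen */
};

/* Check only: 1 if seq is ahead of the window, or inside it and unseen. */
static int replay_check(const struct replay_state *rs, uint32_t seq) {
    if (seq == 0) return 0;                      /* 0 is never accepted */
    if (seq > rs->last_seq) return 1;            /* newer than anything seen */
    uint32_t diff = rs->last_seq - seq;
    if (diff >= WINDOW) return 0;                /* older than the window */
    return (rs->bitmap & (1u << diff)) == 0;     /* reject if already seen */
}

/* Update: record seq as seen. Only called after replay_check() passed. */
static void replay_update(struct replay_state *rs, uint32_t seq) {
    if (seq > rs->last_seq) {
        uint32_t shift = seq - rs->last_seq;
        rs->bitmap = (shift >= WINDOW) ? 0 : rs->bitmap << shift;
        rs->bitmap |= 1u;                        /* bit 0 is seq itself */
        rs->last_seq = seq;
    } else {
        rs->bitmap |= 1u << (rs->last_seq - seq);
    }
}

/* Receive path: do_update == 0 models a check with no state update. */
int sa_receive(struct replay_state *rs, uint32_t seq, int do_update) {
    if (!replay_check(rs, seq)) return 0;        /* dropped as a replay */
    if (do_update) replay_update(rs, seq);
    return 1;                                    /* delivered */
}

/* Deliver seq 1..3, then replay seq 2; returns 1 if the replay is delivered. */
int replay_accepted(int do_update) {
    struct replay_state rs = {0, 0};
    for (uint32_t s = 1; s <= 3; s++) sa_receive(&rs, s, do_update);
    return sa_receive(&rs, 2, do_update);
}

int main(void) {
    printf("skipped=%d applied=%d\n", replay_accepted(0), replay_accepted(1));
    return 0;
}
```
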

- Timeline

2006-03-22 Unknown
Unknown Unknown

- Solution

Upgrade to version 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch to address this vulnerability.

- Vulnerability information

FreeBSD IPsec Replay Vulnerability
Design Error 17191
Yes No
2006-03-22 12:00:00 2006-03-22 07:49:00
Pawel Jakub Dawidek is credited with the discovery of this issue.

- Affected program versions

FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 5.4-STABLE
FreeBSD FreeBSD 4.10-PRERELEASE

- Vulnerability discussion

FreeBSD's IPsec implementation is susceptible to remote replay attacks. This issue is due to the improper handling of sequence numbers in IPsec packets.

This issue allows remote attackers to replay IPsec traffic. The exact consequences of successful attacks depend on the nature of the traffic being replayed. This will likely affect only higher-level protocols such as UDP, since they don't provide their own anti-replay features.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released an advisory, along with fixes to address this issue. Fixes have been committed to the FreeBSD CVS repository as of 2006-03-22 16:03:25 UTC. Please see the referenced advisory for further information.


FreeBSD FreeBSD 5.4-STABLE

FreeBSD FreeBSD 4.10 -RELEASE-p8

FreeBSD FreeBSD 4.10 -RELEASE

FreeBSD FreeBSD 4.10 -RELENG

FreeBSD FreeBSD 4.10

FreeBSD FreeBSD 4.11 -RELEASE-p3

FreeBSD FreeBSD 4.11 -RELENG

FreeBSD FreeBSD 4.11 -STABLE

FreeBSD FreeBSD 5.3

FreeBSD FreeBSD 5.3 -RELEASE

FreeBSD FreeBSD 5.3 -RELENG

FreeBSD FreeBSD 5.3 -STABLE

FreeBSD FreeBSD 5.4 -RELENG

FreeBSD FreeBSD 5.4 -PRERELEASE

FreeBSD FreeBSD 5.4 -RELEASE

FreeBSD FreeBSD 6.0 -RELEASE

FreeBSD FreeBSD 6.0 -STABLE
