CVE-2006-0905
CVSS 7.5
Published: 2006-03-23 06:06:00
Modified: 2017-07-19 21:30:10

[Original] A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.


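[CNNVD] FreeBSD IPsec anti-replay implementation vulnerability (CNNVD-200603-382)

        FreeBSD is a freely available, open-source Unix-like operating system that runs on Intel platforms.
        The anti-replay service in FreeBSD's IPsec implementation contains a vulnerability that remote attackers may be able to exploit.
        IPsec provides an anti-replay service which, when enabled, prevents an attacker from successfully carrying out a replay attack. This is done by verifying sequence numbers. A programming error in the fast_ipsec(4) implementation means the sequence number associated with a Security Association is not updated, so packets pass the sequence number check unconditionally. An attacker can intercept IPsec packets and replay them. If a higher-level protocol that provides no protection against packet replay (such as UDP) is in use, there may be further impact.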

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:freebsd:freebsd:5.1:release
cpe:/o:freebsd:freebsd:6.0:release
cpe:/o:freebsd:freebsd:5.4:pre-release
cpe:/o:freebsd:freebsd:4.10:releng
cpe:/o:freebsd:freebsd:4.11:releng
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:5.4:release
cpe:/o:freebsd:freebsd:5.3:release
cpe:/o:freebsd:freebsd:4.10 (FreeBSD 4.10)
cpe:/o:freebsd:freebsd:5.3:stable
cpe:/o:freebsd:freebsd:4.8:pre-release
cpe:/o:freebsd:freebsd:5.4:stable
cpe:/o:freebsd:freebsd:4.11:release_p3
cpe:/o:netbsd:netbsd:3.0 (NetBSD 3.0)
cpe:/o:freebsd:freebsd:6.0:stable
cpe:/o:netbsd:netbsd:2.0 (NetBSD 2.0)
cpe:/o:freebsd:freebsd:5.4:releng
cpe:/o:freebsd:freebsd:5.3:releng
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:freebsd:freebsd:4.9:releng
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/o:freebsd:freebsd:5.2.1:releng
cpe:/o:freebsd:freebsd:5.0:releng
cpe:/o:freebsd:freebsd:4.11:stable
cpe:/o:freebsd:freebsd:4.10:release
cpe:/o:freebsd:freebsd:5.0:release_p14
cpe:/o:freebsd:freebsd:5.2 (FreeBSD 5.2)
cpe:/o:freebsd:freebsd:5.3 (FreeBSD 5.3)
cpe:/o:freebsd:freebsd:4.9 (FreeBSD 4.9)
cpe:/o:freebsd:freebsd:5.1 (FreeBSD 5.1)
cpe:/o:freebsd:freebsd:5.1:alpha
cpe:/o:freebsd:freebsd:5.0 (FreeBSD 5.0)
cpe:/o:freebsd:freebsd:4.10:release_p8
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/o:freebsd:freebsd:4.8 (FreeBSD 4.8)
cpe:/o:freebsd:freebsd:5.0:alpha
cpe:/o:freebsd:freebsd:4.8:release_p7
cpe:/o:freebsd:freebsd:5.1:release_p5

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0905
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0905
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-382
(Official data source) CNNVD

- Other links and resources

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
(VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-06:11
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2006-011
http://securitytracker.com/id?1015809
(UNKNOWN)  SECTRACK  1015809
http://www.securityfocus.com/bid/17191
(PATCH)  BID  17191
https://exchange.xforce.ibmcloud.com/vulnerabilities/25398
(UNKNOWN)  XF  bsd-ipsec-replay(25398)

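- Vulnerability information

FreeBSD IPsec anti-replay implementation vulnerability
High risk  Design error
2006-03-23 00:00:00 2006-04-26 00:00:00
Remote
        FreeBSD is a freely available, open-source Unix-like operating system that runs on Intel platforms.
        The anti-replay service in FreeBSD's IPsec implementation contains a vulnerability that remote attackers may be able to exploit.
        IPsec provides an anti-replay service which, when enabled, prevents an attacker from successfully carrying out a replay attack. This is done by verifying sequence numbers. A programming error in the fast_ipsec(4) implementation means the sequence number associated with a Security Association is not updated, so packets pass the sequence number check unconditionally. An attacker can intercept IPsec packets and replay them. If a higher-level protocol that provides no protection against packet replay (such as UDP) is in use, there may be further impact.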

- Advisories and patches

        The vendor has released a patch that fixes this security issue. Patch download links:
        FreeBSD FreeBSD 5.4-STABLE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.10 -RELEASE-p8
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.10 -RELEASE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.10 -RELENG
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.10
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.11 -RELEASE-p3
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.11 -RELENG
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 4.11 -STABLE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.3
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.3 -RELEASE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.3 -RELENG
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.3 -STABLE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.4 -RELENG
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.4 -PRERELEASE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 5.4 -RELEASE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 6.0 -RELEASE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        FreeBSD FreeBSD 6.0 -STABLE
        FreeBSD ipsec.patch
        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
        

- Vulnerability information

24068
Multiple BSD IPsec Sequence Number fast_ipsec(4) Verification Bypass
Remote / Network Access
Loss of Integrity