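Vulnerability Details
FreeBSD IPsec Anti-Replay Implementation Vulnerability
- CNNVD ID: CNNVD-200603-382
- Severity: High
- CVE ID: CVE-2006-0905
- Vulnerability type: Design error
- Published: 2006-03-23
- Threat type: Remote
- Updated: 2006-04-26
- Vendor: freebsd
- Vulnerability source: Pawel Jakub Dawidek
Vulnerability Summary
FreeBSD is a freely available, open-source Unix-like operating system that runs on Intel platforms.
The anti-replay service in FreeBSD's IPsec implementation contains a vulnerability that a remote attacker may be able to exploit.
IPsec provides an anti-replay service which, when enabled, prevents an attacker from successfully carrying out a replay attack. It does this by verifying sequence numbers. A programming error in the fast_ipsec(4) implementation means the sequence number associated with a Security Association is not updated, so packets unconditionally pass the sequence number verification check. An attacker can intercept IPsec packets and replay them. If a higher-level protocol that provides no protection against packet replay (such as UDP) is in use, there may be further impact.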
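The verify-then-update logic described in the summary, as an added C example (not FreeBSD's fast_ipsec code and not the SA-06:11 patch): a 64-packet sliding window in the style of the ESP anti-replay algorithm, showing that when the update step is skipped every replayed packet passes the check. The struct, function names, window size and sample capture are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#define WIN 64u /* window size in packets (assumed value) */

/* Hypothetical per-SA receive state, not FreeBSD's own structure. */
struct replay_state {
    uint32_t last;   /* highest sequence number accepted so far */
    uint64_t bitmap; /* bit i set => sequence number (last - i) already seen */
};
/* Verification step: true if seq is unseen and not older than the window. */
static bool replay_check(const struct replay_state *rs, uint32_t seq)
{
    if (seq == 0) return false;             /* sequence numbers start at 1 */
    if (seq > rs->last) return true;        /* ahead of the window: new */
    uint32_t diff = rs->last - seq;
    if (diff >= WIN) return false;          /* too old to track: reject */
    return !(rs->bitmap & (1ULL << diff));  /* reject if already recorded */
}

/* Update step: record seq once the packet has passed authentication. */
static void replay_update(struct replay_state *rs, uint32_t seq)
{
    if (seq > rs->last) {
        uint32_t shift = seq - rs->last;
        rs->bitmap = (shift >= WIN) ? 0 : rs->bitmap << shift;
        rs->bitmap |= 1ULL;                 /* bit 0 is the new 'last' */
        rs->last = seq;
    } else {
        rs->bitmap |= 1ULL << (rs->last - seq);
    }
}

/* Receive path; do_update=false models the state never being updated. */
static bool sa_receive(struct replay_state *rs, uint32_t seq, bool do_update)
{
    if (!replay_check(rs, seq)) return false;
    if (do_update) replay_update(rs, seq);
    return true;
}

/* Count accepted packets in a constructed capture with reordering and replays. */
static int accepted(bool do_update)
{
    static const uint32_t capture[] = {1, 1, 3, 2, 2, 3}; /* constructed sample */
    struct replay_state rs = {0, 0};
    int n = 0;
    for (unsigned i = 0; i < sizeof capture / sizeof capture[0]; i++)
        n += sa_receive(&rs, capture[i], do_update);
    return n;
}
```

With the update step in place only the three distinct packets are accepted, including the out-of-order one; without it `last` stays at 0 and all six pass.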
Vulnerability Advisory
The vendor has released a patch to fix this security issue. Patch download links:
FreeBSD FreeBSD 5.4-STABLE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.10
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD ipsec.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
References
Source: BID
Name: 17191
Link: http://www.securityfocus.com/bid/17191
Source: SECUNIA
Name: 19366
Link: http://secunia.com/advisories/19366
Source: FREEBSD
Name: FreeBSD-SA-06:11
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
Source: XF
Name: bsd-ipsec-replay(25398)
Link: http://xforce.iss.net/xforce/xfdb/25398
Source: OSVDB
Name: 24068
Link: http://www.osvdb.org/24068
Source: SECTRACK
Name: 1015809
Link: http://securitytracker.com/id?1015809
Source: NETBSD
Name: NetBSD-SA2006-011
Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc
Affected Entities
- Freebsd Freebsd:5.1:Releng
- Freebsd Freebsd:5.1:Release_p5
- Freebsd Freebsd:5.1:Release
Patches
None available