IPFilter Firewall SYN/RST Race Condition

2000-05-25T00:00:00
ID OSVDB:1377
Type osvdb
Reporter EMF (emf@prettyhatemachine.obfuscation.org)
Modified 2000-05-25T00:00:00

Description

Vulnerability Description

IPFilter contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to the presence of overlapping rules that use "return-rst" and "keep state". Together, these two rules create a race condition: an attacker who sends the right sequence of packets may win the race and bypass the filter rules completely.

Solution Description

Upgrade to version 3.3.16, 3.4.4 or higher, as these versions have been reported to fix this vulnerability. There are no known workarounds, so an upgrade is required.
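
A ruleset audit for the overlapping-rule condition in the Vulnerability Description, as an added example (not code from this advisory or from the IPFilter project): it parses ipf.conf-style rules and reports pairs where a `block return-rst` rule and a `pass ... keep state` rule cover intersecting TCP address ranges. Reading "overlapping" as intersecting source/destination ranges is an assumption, as are the function names and the constructed sample rules; only `any` and IPv4 `addr/len` address forms are handled.

```python
import ipaddress

# Constructed sample ruleset in ipf.conf syntax (not taken from the advisory).
SAMPLE_RULES = """\
# constructed example rules
block return-rst in quick proto tcp from any to 192.0.2.0/24
pass out quick proto tcp from 192.0.2.10/32 to any keep state
pass out quick proto udp from 192.0.2.0/24 to any keep state
block return-rst in quick proto tcp from 198.51.100.0/24 to 203.0.113.0/24
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def _net(token):
    """Turn an address token ('any' or a.b.c.d[/len]) into an IPv4 network."""
    return ANY if token == "any" else ipaddress.ip_network(token, strict=False)

def parse_rule(line):
    """Return a dict for a rule that can match TCP, or None if skipped."""
    tok = line.split("#", 1)[0].split()
    try:
        # A rule without 'proto' matches every protocol, TCP included.
        proto = tok[tok.index("proto") + 1] if "proto" in tok else "any"
        if proto not in ("tcp", "tcp/udp", "any"):
            return None
        src = _net(tok[tok.index("from") + 1])
        dst = _net(tok[tok.index("to") + 1])
    except (ValueError, IndexError):
        return None  # blank line, comment, or an address form not handled here
    return {
        "rst": tok[0] == "block" and "return-rst" in tok,
        "state": tok[0] == "pass" and "keep state" in " ".join(tok),
        "dir": "in" if "in" in tok[:3] else "out",
        "src": src, "dst": dst,
    }

def find_overlaps(ruleset):
    """Return (return-rst line, keep-state line) pairs with intersecting ranges."""
    parsed = [(n, parse_rule(l)) for n, l in enumerate(ruleset.splitlines(), 1)]
    rules = [(n, r) for n, r in parsed if r]
    hits = []
    for n1, r in rules:
        for n2, s in rules:
            if not (r["rst"] and s["state"]):
                continue
            # Rules in opposite directions see the same flow with endpoints swapped.
            a, b = (s["dst"], s["src"]) if r["dir"] != s["dir"] else (s["src"], s["dst"])
            if r["src"].overlaps(a) and r["dst"].overlaps(b):
                hits.append((n1, n2))
    return hits
```

A reported pair marks a ruleset to review on hosts that have not yet been upgraded to a fixed version; it does not confirm that the host is exploitable.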

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
ISS X-Force ID: 4994
CVE-2000-0553
Bugtraq ID: 1308