Multiple BSD ipfw / ip6fw ECE Bit Filtering Evasion

high Nessus Plugin ID 12118

Synopsis

Firewall rules may be circumvented.

Description

The remote host appears to be vulnerable to a bug in which a remote attacker can circumvent the firewall by setting the ECE bit in the TCP flags field. At least one firewall (ipfw) is known to exhibit this behavior.

Known vulnerable systems include all FreeBSD 3.x, 4.x, 3.5-STABLE, and 4.2-STABLE.
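The following C program is an added illustration written for this page; it is not the Nessus plugin's code and not the actual ipfw source. It shows the class of mistake that lets an ECN bit (ECE or CWR, RFC 3168) change how a firewall classifies a TCP packet: a flag check that compares the whole flags byte for equality instead of masking to the bits the rule is about. The "naive" functions are constructed for the example; the hardened functions follow the ipfw(8) definitions of "setup" (SYN set, ACK clear) and "established" (RST or ACK set), and the sample packets are constructed inline.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits as laid out in the header's flags byte (RFC 793 / RFC 3168). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20
#define TH_ECE  0x40   /* ECN-Echo: set on an ECN-capable SYN and on congestion feedback */
#define TH_CWR  0x80   /* Congestion Window Reduced (ECN) */

/* The six classic flags a connection-state rule should reason about; the
 * ECN bits are deliberately excluded so they cannot influence the decision. */
#define TH_CLASSIC (TH_FIN | TH_SYN | TH_RST | TH_PUSH | TH_ACK | TH_URG)

/* Constructed illustration of the flawed pattern (NOT ipfw's real code):
 * "setup" is recognised only when the flags byte is exactly SYN, and
 * everything else is assumed to belong to an established connection.
 * An ECN-capable SYN carries SYN|ECE|CWR, fails the equality test, and is
 * therefore treated as established. */
static bool naive_is_setup(uint8_t flags)       { return flags == TH_SYN; }
static bool naive_is_established(uint8_t flags) { return !naive_is_setup(flags); }

/* Hardened checks: mask to the classic flags first, then test the bits the
 * rule is defined on (ipfw(8): setup = SYN without ACK; established = RST or ACK). */
static bool is_setup(uint8_t flags) {
    uint8_t f = flags & TH_CLASSIC;
    return (f & TH_SYN) != 0 && (f & TH_ACK) == 0;
}
static bool is_established(uint8_t flags) {
    uint8_t f = flags & TH_CLASSIC;
    return (f & (TH_ACK | TH_RST)) != 0;
}

/* A minimal inbound policy: established traffic passes, new connections are
 * only accepted on one listening port. Returns true when the packet is allowed. */
static bool policy_allows(uint8_t flags, uint16_t dst_port, bool hardened) {
    const uint16_t allowed_port = 22;  /* constructed sample policy */
    bool established = hardened ? is_established(flags) : naive_is_established(flags);
    bool setup       = hardened ? is_setup(flags)       : naive_is_setup(flags);
    if (established) return true;
    if (setup)       return dst_port == allowed_port;
    return false;
}

int main(void) {
    /* Constructed sample packets: plain SYN and an ECN-capable SYN, both to a port
     * the policy does not expose. */
    struct { const char *name; uint8_t flags; } pkts[] = {
        { "SYN",          TH_SYN },
        { "SYN|ECE|CWR",  TH_SYN | TH_ECE | TH_CWR },
        { "ACK|ECE",      TH_ACK | TH_ECE },
    };
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++) {
        printf("%-12s naive: %s  hardened: %s\n", pkts[i].name,
               policy_allows(pkts[i].flags, 8080, false) ? "ALLOW" : "DENY",
               policy_allows(pkts[i].flags, 8080, true)  ? "ALLOW" : "DENY");
    }
    return 0;
}
```

The naive path admits the ECN-capable SYN to port 8080 as if it were part of an existing connection, which is exactly the evasion this plugin reports; the masked check classifies it as a connection setup and denies it, while genuine ACK or RST traffic with ECN bits set still matches "established".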

Solution

If you are running FreeBSD 3.x, 4.x, 3.5-STABLE, or 4.2-STABLE, upgrade your firewall. If you are not running FreeBSD, contact your firewall vendor for a patch.

Plugin Details

Severity: High

ID: 12118

File Name: ece_flag.nasl

Version: 1.23

Type: remote

Family: Firewalls

Published: 3/30/2004

Updated: 3/21/2022

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2001-0183

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/23/2001

Reference Information

CVE: CVE-2001-0183

BID: 2293