Watchguard Firebox II PPTP Denial-of-Service Attack

Release date: 2001-02-19
Updated: 2001-02-19

Affected systems:

WatchGuard Firebox II 4.5
Description:

BUGTRAQ  ID: 2369
CVE(CAN) ID: CVE-2001-0204

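Sending malformed PPTP packets to the Watchguard can cause the PPTP daemon to terminate. The WatchGuard
must be restarted to restore normal PPTP functionality.

<*Source: Andreas Sandor (andreas.sandor@defcom.com)
        Related link: def-2001-07: Watchguard Firebox II PPTP DoS
                  http://www.defcom.com
*>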



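Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!


Use telnet to connect to the PPTP port of the Watchguard Firebox, then disconnect. Repeating this
about 12 times causes the PPTP daemon to crash. All connected users are disconnected,
and no new connections can be established.

The following is the attack log: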
pptpd[113]:  Watchguard pptpd 2.2.0 started
pptpd[113]:  Using interface pptp0
kernel:  pptp0: daemon attached.
pptpd[113]:  Connect: pptp0 [0] <--> 10.2.0.7
pptpd[113]:  User "test" at 10.45.0.150 logged in
pptpd[113]:  Add Host 7 10.45.0.150 pptp_users test succeeded
pptpd[113]:  Compression enabled
pptpd[113]:  Using PPTP encryption RC4 128-bit.
pptpd[113]:  Not using any PPTP software compression.
pptpd[113]:  Using stateless mode.
pptpd[113]:  Allowing unsafe packet transfer mode for lossy links.
pptpd[113]:  local  IP address 10.45.0.9
pptpd[113]:  remote IP address 10.45.0.150
pptpd[113]:  found interface eth1 for proxy arp
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: exceeded maximum number of consecutive bad packets from 10.2.0.7
pptpd[113]:  Terminating on signal 2.
pptpd[113]:  Connection terminated.
pptpd[113]:  Persist flag not set, so we are exiting.
kernel:  pptp0: pptp_sock_close
pptpd[113]:  Drop Host 7 10.45.0.150 pptp_users test succeeded
pptpd[113]:  User "test" at 10.45.0.150 logged out
pptpd[113]:  Exit.
tunneld[95]:  TERMINATED
init[1]:  Pid 95: exit 0
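
A defender-side check for the pattern in the log above, as an added example that is not part of the original advisory: it scans log text for the tunneld bad-packet burst followed by pptpd termination and user logouts. The function names, the `warn_at` threshold and the alert wording are assumptions, and the sample lines are constructed from the log format shown above.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above (no timestamps; one
# entry is wrapped across two lines, as in the original record).
SAMPLE_LOG = '''\
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: received bad packet from 10.2.0.7
tunneld[95]:  process_rfds: exceeded maximum number of consecutive bad
packets from 10.2.0.7
pptpd[113]:  Terminating on signal 2.
pptpd[113]:  User "test" at 10.45.0.150 logged out
tunneld[95]:  TERMINATED
'''

RECORD = re.compile(r"^(\w+)(?:\[\d+\])?:\s+(.*)$")
BAD = re.compile(r"process_rfds: received bad packet from (\S+)")
LIMIT = re.compile(r"process_rfds: exceeded maximum number of consecutive bad packets from (\S+)")
LOGOUT = re.compile(r'User "([^"]+)" at (\S+) logged out')

def records(text):
    """Return [daemon, message] pairs, re-joining entries wrapped onto a second line."""
    out = []
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            out.append([m.group(1), m.group(2).strip()])
        elif out and raw.strip():  # continuation of the previous entry
            out[-1][1] += " " + raw.strip()
    return out

def analyze(text, warn_at=3):
    """Return alert strings; warn_at is an assumed early-warning threshold."""
    bad, alerts, tripped = Counter(), [], None
    for daemon, msg in records(text):
        if daemon == "tunneld" and (m := LIMIT.search(msg)):
            tripped = m.group(1)  # source that hit tunneld's bad-packet limit
            alerts.append(f"CRITICAL bad-packet limit exceeded by {tripped}")
        elif daemon == "tunneld" and (m := BAD.search(msg)):
            bad[m.group(1)] += 1
            if bad[m.group(1)] == warn_at:
                alerts.append(f"WARNING {warn_at} bad packets from {m.group(1)}")
        elif tripped and daemon == "pptpd" and msg.startswith("Terminating on signal"):
            alerts.append(f"CRITICAL pptpd terminating after bad packets from {tripped}")
        elif tripped and daemon == "pptpd" and (m := LOGOUT.search(msg)):
            alerts.append(f"IMPACT user {m.group(1)} at {m.group(2)} disconnected")
    return alerts
```

Setting `warn_at` below the point at which tunneld logs the limit message gives an alert before the service stops.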


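Recommendation:

Vendor patch:
Watchguard has released a patch to address this issue. NSFOCUS recommends that you download and
install this patch immediately. Patch download address:
http://www.watchguard.com/support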



This advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.