首页 -> 安全研究
安全研究
安全漏洞
Watchguard Firebox ll PPTP 拒绝服务攻击
发布日期:2001-02-19
更新日期:2001-02-19
受影响系统:
描述:
WatchGuard Firebox II 4.5
BUGTRAQ ID: 2369
CVE(CAN) ID: CVE-2001-0204
通过发送畸形的PPTP报文给Watchguard,可能导致PPTP守护进程中止。必须
重新启动WatchGuard才能恢复正常的PPTP功能.
<*来源:Andreas Sandor (andreas.sandor@defcom.com)
相关链接:def-2001-07: Watchguard Firebox II PPTP DoS
http://www.defcom.com
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
使用telnet连接Watchguard Firebox的PPTP端口,然后断开连接。这样重复
12次左右,将导致PPTP守护进程崩溃。所有已连接的用户将被断开连接,
新的连接也不会被建立。
下面是攻击记录:
pptpd[113]: Watchguard pptpd 2.2.0 started
pptpd[113]: Using interface pptp0
kernel: pptp0: daemon attached.
pptpd[113]: Connect: pptp0 [0] <--> 10.2.0.7
pptpd[113]: User "test" at 10.45.0.150 logged in
pptpd[113]: Add Host 7 10.45.0.150 pptp_users test succeeded
pptpd[113]: Compression enabled
pptpd[113]: Using PPTP encryption RC4 128-bit.
pptpd[113]: Not using any PPTP software compression.
pptpd[113]: Using stateless mode.
pptpd[113]: Allowing unsafe packet transfer mode for lossy links.
pptpd[113]: local IP address 10.45.0.9
pptpd[113]: remote IP address 10.45.0.150
pptpd[113]: found interface eth1 for proxy arp
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: received bad packet from 10.2.0.7
tunneld[95]: process_rfds: exceeded maximum number of consecutive bad
packets from 10.2.0.7
pptpd[113]: Terminating on signal 2.
pptpd[113]: Connection terminated.
pptpd[113]: Persist flag not set, so we are exiting.
kernel: pptp0: pptp_sock_close
pptpd[113]: Drop Host 7 10.45.0.150 pptp_users test succeeded
pptpd[113]: User "test" at 10.45.0.150 logged out
pptpd[113]: Exit.
tunneld[95]: TERMINATED
init[1]: Pid 95: exit 0
建议:
厂商补丁:
watchguard已经发布了一个补丁来解决这个问题,NSFOCUS建议您立刻下载并安
装此补丁。补丁下载地址:
http://www.watchguard.com/support
浏览次数:4108
严重程度:0(网友投票)
绿盟科技给您安全的保障