Kame-Derived Stack Non-ESP IPV4 Forwarded Packets Policy Bypassing Vulnerability
Solution: The following patches have been provided in the advisory by Greg Troxel <gdt@ir.bbn.com>: For NetBSD netbsd-1-5: Index: src/sys/netinet/ip_input.c =================================================================== RCS file: /NETBSD-CVS/netbsd/src/sys/netinet/ip_input.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ip_input.c --- src/sys/netinet/ip_input.c 2001/07/05 14:42:54 1.1.1.1 +++ src/sys/netinet/ip_input.c 2002/02/25 01:07:02 @@ -611,6 +611,15 @@ ipstat.ips_cantforward++; m_freem(m); } else { +#ifdef IPSEC + /* + * Enforce inbound IPsec SPD. + */ + if (ipsec4_in_reject(m, NULL)) { + ipsecstat.in_polvio++; + goto bad; + } +#endif /* * If ip_dst matched any of my address on !IFF_UP interface, * and there's no IFF_UP interface that matches ip_dst, For FreeBSD RELENG_4: Index: src/sys/netinet/ip_input.c =================================================================== RCS file: /FREEBSD-CVS/src/sys/netinet/ip_input.c,v retrieving revision 1.130.2.31 diff -u -r1.130.2.31 ip_input.c --- src/sys/netinet/ip_input.c 2001/12/15 01:06:27 1.130.2.31 +++ src/sys/netinet/ip_input.c 2002/02/24 16:10:26 @@ -625,8 +625,18 @@ if (ipforwarding == 0) { ipstat.ips_cantforward++; m_freem(m); - } else + } else { +#ifdef IPSEC + /* + * Enforce inbound IPsec SPD. + */ + if (ipsec4_in_reject(m, NULL)) { + ipsecstat.in_polvio++; + goto bad; + } +#endif /* IPSEC */ ip_forward(m, 0); + } #ifdef IPFIREWALL_FORWARD ip_fw_fwd_addr = NULL; #endif NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5.2
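Review bot: in the netbsd-1-5 hunk (src/sys/netinet/ip_input.c, @@ -611,6 +611,15 @@), the new `goto bad;` after `ipsecstat.in_polvio++;` jumps to a label that is outside the hunk, while the sibling branch immediately above it (`ipstat.ips_cantforward++; m_freem(m);`) frees the mbuf inline; please confirm that `bad:` frees `m` exactly once and returns, so a policy-rejected transit packet is neither leaked nor double-freed. The placement is right: the check sits inside the `else` of the `ipforwarding == 0` test, so hosts that are not forwarding still drop the packet under `ips_cantforward` before any SPD lookup, and the whole block is under `#ifdef IPSEC`, so non-IPsec kernels keep the old code path. Passing `NULL` as the second argument of `ipsec4_in_reject(m, NULL)` is correct for a forwarded packet, which has no inpcb and must be matched against the system-wide SPD, but the comment `Enforce inbound IPsec SPD.` should say so, since a later reader may otherwise assume a per-socket policy is being consulted.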
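Review bot: in the RELENG_4 hunk (src/sys/netinet/ip_input.c, @@ -625,8 +625,18 @@), the new `goto bad;` leaves the function before the trailing context `#ifdef IPFIREWALL_FORWARD` / `ip_fw_fwd_addr = NULL;` / `#endif` is reached, whereas the `ip_forward(m, 0);` path it short-circuits does fall through to that reset; please confirm that the `bad:` label (not shown in the hunk) also clears `ip_fw_fwd_addr`, otherwise a stale forwarding address left over from a rejected packet could be applied to the next packet that enters ip_input(). The brace change from `} else` to `} else {` ... `}` is required now that the branch holds more than one statement and is fine; as a style point, this hunk closes with `#endif /* IPSEC */` while the NetBSD hunk uses a bare `#endif`, so pick whichever form each file already uses rather than introducing a second convention.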