SecurityFocus.com: Multiple Linux Vendor 2.2.x Kernel IP Masquerading VulnerabilitiesApr 27, 2000, 00:47 (2 Talkback[s])
[ Thanks to Gene Wilburn for this link. ]
"A serious vulnerability exists in the IP Masquerading code present in, but not necessarily limited to, the 2.2.x Linux kernel. Due to poor checking of connections in the kernel code, an attacker can potentially rewrite the UDP masquerading entries, making it possible for UDP packets to be routed back to the internal machine."
"The IP masquerading code only uses destination ports to determine if a packet from the external network is to be forwarded to the internal network. It then sets the remote host and port in its tables to the source address and port of the incoming packet. The attacker needs to determine the local port on the masq gateway to be able to rewrite the table with their own address and port. As the range of ports used to masquerade connections is small, from 6100 to 65096 for both UDP and TCP, it becomes fairly easy for an external host to determine the ports in use...."
0 Talkback[s] (click to add your comment)